Am I being hacked?

Question

Here are just a few lines from my Apache 2.0 error_log:

[Sun Nov 25 08:22:04 2012] [error] [client 64.34.195.190] File does not exist: /var/www/         


        

Answer 1

This is just an automatic script deployed by many Script Kiddies looking for a security breach in your apache version/configuration. The signature w00tw00t is usually left by DFind.

Just use a program like fail2ban configured such as this example explains to avoid being flooded by these requests :

https://web.archive.org/web/20160617020600/http://www.userdel.com/post/18618537324/block-w00tw00t-scans-with-fail2ban

This does not necessarily mean you've been hacked, but the server has been scanned for vulnerabilities. However, if you use any of the software that you saw in those logs and it is an older version having known vulnerabilities, you should check your server for unusual files and login activities.