looks like vulnerability scanners after doing a google search:
Code:
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET HTTP/1.1 HTTP/1.1" 400 272 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /zen/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /zencart/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /zen-cart/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /cart/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /shop/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /store/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /E-commerce/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /e-commerce/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
67.210.97.166 - - [02/Oct/2009:14:12:27 +0000] "GET /commerce/includes/general.js HTTP/1.1" 500 585 "-" "Toata dragostea mea pentru diavola"
and some more :
Code:
218.107.132.124 - - [02/Oct/2009:06:12:19 +0000] "GET /rails/info/properties HTTP/1.0" 500 948 "-" "larbin_2.6.3 gqnmgsp@ruc.edu.cn"
208.80.193.27 - - [02/Oct/2009:06:18:53 +0000] "GET / HTTP/1.0" 500 948 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; YPC 3.2.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; yplus 5.3.03b)"
66.249.67.140 - - [02/Oct/2009:07:17:08 +0000] "GET /dudes.html HTTP/1.1" 500 585 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.67.140 - - [02/Oct/2009:07:17:19 +0000] "GET / HTTP/1.1" 500 585 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
66.249.67.179 - - [02/Oct/2009:07:39:23 +0000] "GET /images/showImg.png HTTP/1.1" 500 585 "-" "Googlebot-Image/1.0"
74.63.66.236 - - [02/Oct/2009:08:03:32 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 345 "-" "-"
208.80.193.30 - - [02/Oct/2009:08:20:46 +0000] "GET / HTTP/1.0" 500 948 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={7056D3EB-D11E-4d6c-958E-F3B9F21FFDCB}; .NET CLR 1.1.4322; Alexa Toolbar)"
65.55.115.154 - - [02/Oct/2009:08:39:24 +0000] "GET /robots.txt HTTP/1.1" 200 204 "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
92.241.182.25 - - [02/Oct/2009:09:02:38 +0000] "GET /robots.txt HTTP/1.1" 200 204 "-" "Mozilla/5.0 (compatible; Tagoobot/3.0; +http://www.tagoo.ru)"
92.241.182.25 - - [02/Oct/2009:09:03:15 +0000] "GET / HTTP/1.1" 500 948 "-" "Mozilla/5.0 (compatible; Tagoobot/3.0; +http://www.tagoo.ru)"
24.196.156.163 - - [02/Oct/2009:09:09:40 +0000] "GET /robots.txt HTTP/1.1" 200 204 "-" "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/spider.html;) Gecko/2008032620"
24.196.156.163 - - [02/Oct/2009:09:09:40 +0000] "GET / HTTP/1.1" 500 585 "-" "Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/spider.html;) Gecko/2008032620"
74.6.22.153 - - [02/Oct/2009:09:17:07 +0000] "GET /robots.txt HTTP/1.0" 200 167 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
74.6.22.153 - - [02/Oct/2009:09:17:08 +0000] "GET / HTTP/1.0" 500 585 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)"
the auth.log is where i'd see login attempts right? it doesn't look like there have been too many attempts to ssh into my node.