Hacking attempt on cubie

While looking through apache logs today, I found a few interesting entries.

`123.45.678.9 - - [02/Jun/2013:17:42:10 +0800] "GET /sdk/../../../../../..//etc/vmware/hostd/vmInventory.xml HTTP/1.1" 404 1105`

`123.45.678.9 - - [02/Jun/2013:17:42:11 +0800] "GET /sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E//etc/vmware/hostd/vmInventory.xml HTTP/1.1" 404 1105`

Someone tried to access vmware config files on my system. Fortunately, I am not running apache as root, so no access rights. Secondly, I'm not running a VM on the system. He even tried different encoding to see to bypass probably some kind of blacklist.

And of course a few of the customary binary stuff that always comes in. Luckily all responded with 501.

`\xd5#\x0fY\x1a1\x9f\x89\xb9}\x16hD\xe6T\x84\x8b\xfc\x9b\xd7v9`

`\xcbR\xde\xc8\xb0\x01+\xcf\xb3B\xc1R\x8d4w\x9bD\x9b\x06!*\xf2\x1c\xb5\xd9E\x9c\x86\x19\x05c\xc9\x95\x9d\xdc7\x19l\x05`

Quite surprised at the volume of attacks that are coming in, I'm running a small website that has probably less than 10 backlinks so where do they harvest all the URL to spam?