Alexander:

Thanks again and mostly for pointing out that I could search for that garbage on Google. It never occurred to me but it comes up with all sorts of info. Do you put those addresses in your hosts.deny file or once they have been there and gotten nothing they don't come back?

Thanks,

knute...

>On Mon, 09.05.2005 at 1:32, Knute Johnson wrote:
>
>> Here is my access_log. Does it look like somebody is trying to
>> execute a program?
>
>> knute...
>>
>> [root@ljr-2 httpd]# cat access_log
>> 66.157.28.95 - - [08/May/2005:14:05:06 -0700] "GET /..%255c..%
>> 255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 362 "-"
>> "Mozilla/3.0
>
>google would have quickly given you an answer, like:
>
>http://www.serverautomationtools.com/webcgi/webbatch.exe?techsupt/tsle
>ft.web+MS-Security-Virus-Hacks-links+Do-your-logfiles-contain-this.htm
>l
>
>Alexander
>
>
>--
>Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
>legal statement: http://www.uni-x.org/legal.html
>Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.14_FC2smp
>Serendipity 01:37:18 up 6:08, 18 users, 0.83, 0.78, 0.55
>

--
Knute Johnson
Molon Labe...
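
Added example, not part of the original thread: a small Python triage script for access_log entries like the one quoted above. It percent-decodes the request path until it stops changing, flags traversal sequences and the Windows shell path, and uses the status code to tell a rejected probe from one that needs a closer look. The function names, reason labels and sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote
# Common Log Format prefix: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+')
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')   # ../ or ..\ once decoded
WIN_PATH_RE = re.compile(r'cmd\.exe|winnt[\\/]system32', re.I)

def fully_decode(target, max_rounds=5):
    """Percent-decode until stable; rounds > 1 means nested encoding (%255c)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds

def classify(line):
    """Return a finding dict for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded, rounds = fully_decode(m['target'])
    checks = [('traversal', TRAVERSAL_RE.search(decoded)),
              ('windows-shell-path', WIN_PATH_RE.search(decoded)),
              ('nested-encoding', rounds > 1)]
    reasons = [name for name, hit in checks if hit]
    if not reasons:
        return None
    status = int(m['status'])
    # 4xx/5xx: the server refused or did not find the path; review the rest.
    return {'client': m['client'], 'decoded': decoded, 'status': status,
            'reasons': reasons, 'needs_review': status < 400}

# Constructed sample lines; the first request is the one from the thread's log, unwrapped.
SAMPLE = [
    '192.0.2.10 - - [08/May/2005:14:05:06 -0700] "GET /..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 362 "-" "-"',
    '192.0.2.20 - - [08/May/2005:14:06:10 -0700] "GET /docs/a%20b.html HTTP/1.1" 200 1024 "-" "-"',
]

def scan(lines):
    return [f for f in map(classify, lines) if f]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

The 404 in the quoted entry makes `needs_review` false: the server returned "not found" for the decoded path.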