To the asshats at h0004bd508ca5.ne.client2.attbi.com and dhcp160164059.columbus.rr.com, please get rid of the virii or trojans on your computers that keep on trying to exploit the non-existant IIS system on my IP.
[many similar lines]
h0004bd508ca5.ne.client2.attbi.com – – [15/Aug/2003:11:49:37 -0700] “GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0” 404 301 “-” “-“
dhcp160164059.columbus.rr.com – – [15/Aug/2003:11:49:53 -0700] “GET /default.ida?XX[lots of X’s]XX%u9090%u6858%[more crap]%u0000%u00=a HTTP/1.0” 404 274 “-” “-”
Thankyou.
Update Some statistics from my apache log files.
Logs start: May 02, 2003
Total Lines: 381258
Total number of occurances of a system trying to exploit with “cmd.exe”: 5358 (1.4%)
Unique Hosts: 151
Unique Hosts on the Shaw Network (24.*): 26