attack back? :) These are probably compromised boxes (nimda or code red). You could find the admins of the boxes and tell them, or just ignore it. It's probably not going to accomplish anything by reporting it though. Just take pride in the fact that they haven't gained access to your box. :) Jay -----Original Message----- From: Munir Nassar [mailto:nassarmu at redconcepts.net] Sent: Tuesday, October 30, 2001 8:37 PM To: Twin Cities Linux User Group Subject: [TCLUG] Apache error logs For a couple of days now i have been getting wierd errors in my Apache logs, mostly people doing a GET /dir/cmd.exe, or root.exe don't these people check the server strings? I may be inexperienced but i am not brain dead enough to run IIS. or just even plain windows. but most importantly: should i report the IPs to someone? (i have about 10 different IPs so far) is there anything in particular i should do about this? -munir _______________________________________________ Twin Cities Linux Users Group Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.mn-linux.org/mailman/listinfo/tclug-list