i have a lot of entrys in my apache log that look like the one below.

62.6.100.103 - - [08/Jul/2002:13:09:23 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 275

it is obviously not doing any harm.

any mean tricks i can play on these people? is it worth notifying their ISP ?

something to scare them off would be nice. what program are they using? a known one or a mere script?

thanks

It's probably a worm.

Yay for nimda!!

so you mean these nice folks aren't intentionally trying to breech my web server?

i'll go look up `nimda' on google, methinks

Isn't that the Code Red Worm from last year? I think it's never went away. I know it infected alot of DSL routers from Cisco(ie 675 - 678).

no, that's nimda

code red looks for default.ida

Thanks for the heads up on that manual_overide. I get them confused. Sorry for the false info folks. :(