Dave Bender <[EMAIL PROTECTED]> wrote: > I was just sorting through our "Failed Requests" report, trying to > count up the numbers of hits to > "/scripts/..%5c../winnt/system32/cmd.exe" and numerous variations to > get a sense of how often hacking attempts (-- that's what these are, > right? --) our site deals with daily.
They're more likely to be attempts by IIS web servers infected with Code Red of Nimda to spread. > I was wondering if it is possible to automatically break those out in > a separate report. It seems like it would be worthwhile to help > raise the awareness of attempts to exploit web sites for our > non-technical management. > > How difficult would it be to create such a report? Just FILEINCLUDE all the requests you feel fall into that category, and run a report with FAILURE ON. Aengus +------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | Digest version: http://lists.isite.net/listgate/analog-help-digest/ | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------
