On Sun, 22 Aug 2010, Gordon Messmer wrote: > No, they didn't. That's why you were warned that it was a potentially > successful probe. > > The exploit requires that you are running php and have a script that > includes a file referenced by the global variable "g" (or maybe the http > request varible "g"). You should check the files that appear at the > URLs indicated in your logs. If any of those files are php, then you > should further check those to see if they might include files based on > the "g" variable. If so, you may have been compromised. Hello Gordon, Thanks...you are right, those aren't 404 errors, I was looking at something else. I checked through my logs, checked a bunch of files, directories, and such...everything appears to be in order. I tried the URL's they tried and all I got was my website and a 404 error for the two links. I do have PHP installed, but I don't have any PHP scripts running. If anyone else has any other suggestions, though, I'll keep digging. ******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** Staff Meteorologist, Northern Illinois University **** E-mail: sebenste at weather.admin.niu.edu *** web: http://weather.admin.niu.edu ** *******************************************************************************