You don't mention what Webserver software you are using, but most can be configured to answer on an IP address+port+host-header combination... Most of these worms will not be able to contact your webserver (well, it won't reach any of your websites), since they are incapable of looking up entries in the DNS. Alterantively, install a firewall. Block requests to port 80 from non-local (or non-trusted) addresses... Cheers Ken ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: "jsWalter" <jsWalter at torres.ws> Subject: [thelist] speaking of security... : Some amateur has been pounding my server for weeks now... : : GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir : : Yes, I'm on a 2k box. : : No (thank you!) I'm not running IIS : : No, I don't have a scripts directory. : : He's calling from... : : 126.96.36.199 : 188.8.131.52 : 184.108.40.206 : 220.127.116.11 : 18.104.22.168 : 22.214.171.124 : 126.96.36.199 : : How can I find out how owns these Blocks so I can slap his butt! : : Thanks : : Walter : : -- : * * Please support the community that supports you. * * : http://evolt.org/help_support_evolt/ : : For unsubscribe and other options, including the Tip Harvester : and archives of thelist go to: http://lists.evolt.org : Workers of the Web, evolt !