Hi What needs adding to the URLSCAN.ini file to catch these attacks.?? 217.96.188.1 anonymous - N 2003-02-25 23:33:19 w3proxy CELERIS - www - - - 96 3551 http TCP GET http://www/scripts/..%252f../winnt/system32/cmd.exe?/c+dir - - 502 - - - I have added these various combinations '.exe?' , '?/' , '/c+' to the ini file, but non seem to catch this. I want to remove this so it does not clog up my iis server logs. Any clues.???? --------------------------------------------- Raji Arulambalam Systems Administrator Environment Bay of Plenty P O Box 364 Whakatane. NEW ZEALAND -------------------------------------------- ****************************************************** This e-mail has been checked for viruses and no viruses were detected.