Make sure your web server has all the latest security patches. Also, insure that you install the latest fixes for ISA and IIS server. The process as in your logs show a 401 error which means nothing executed. It is a standard exploit that should be patched. Joseph -----Original Message----- From: Vinaykumar G [mailto:G.Vinay@xxxxxxxxx] Sent: Wednesday, February 13, 2002 10:42 PM To: [ISAserver.org Discussion List] Subject: [isalist] Urgent please!!! http://www.ISAserver.org Hi All, Iam using ISA server in Integrated mode and have published some webservers behind it and I reguralry check the ISA logs and strangely I found the following entries in my ISA log............ What are these entries? please let me know urgently............ anonymous w3proxy ISA http://www/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir - - 401 - - - -anonymous GET http://www/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir - - 401 - - - Regards, vinay. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')