Greetings! Your software is being mal-used to jack one of my php scripts. The domain being abused is airbrushshoppe.com. Here is the script warning log:
It appears that someone is trying to execute this script in an unauthorized manner. The QUERY STRING used was: ALLUSERSPROFILE: C:\Documents and Settings\All Users APP_POOL_ID: DefaultAppPool CommonProgramFiles: C:\Program Files\Common Files COMPUTERNAME: WWW ComSpec: C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK: NO NUMBER_OF_PROCESSORS: 2 OS: Windows_NT Path: C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem; PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.VBS PROCESSOR_ARCHITECTURE: x86 PROCESSOR_IDENTIFIER: x86 Family 6 Model 8 Stepping 3, GenuineIntel PROCESSOR_LEVEL: 6 PROCESSOR_REVISION: 0803 ProgramFiles: C:\Program Files SystemDrive: C: SystemRoot: C:\WINDOWS TEMP: C:\WINDOWS\TEMP TMP: C:\WINDOWS\TEMP USERPROFILE: C:\Documents and Settings\Default User windir: C:\WINDOWS HTTP_ACCEPT_ENCODING: x-gzip, gzip HTTP_HOST: www.airbrushshoppe.com HTTP_USER_AGENT: NutchCVS/0.7.1 (Nutch running at UW; http://www.nutch.org/docs/en/bot.html; [EMAIL PROTECTED]) AUTH_TYPE: AUTH_PASSWORD: AUTH_USER: CERT_COOKIE: CERT_FLAGS: CERT_ISSUER: CERT_SERIALNUMBER: CERT_SUBJECT: CONTENT_LENGTH: 0 CONTENT_TYPE: GATEWAY_INTERFACE: CGI/1.1 HTTPS: off HTTPS_KEYSIZE: HTTPS_SECRETKEYSIZE: HTTPS_SERVER_ISSUER: HTTPS_SERVER_SUBJECT: INSTANCE_ID: 1973604233 LOCAL_ADDR: 70.141.104.60 LOGON_USER: QUERY_STRING: REMOTE_ADDR: 128.208.6.200 REMOTE_HOST: 128.208.6.200 REMOTE_USER: REQUEST_METHOD: GET SCRIPT_NAME: /forms/hermes.php SERVER_NAME: www.airbrushshoppe.com SERVER_PORT: 80 SERVER_PORT_SECURE: 0 SERVER_PROTOCOL: HTTP/1.0 SERVER_SOFTWARE: Microsoft-IIS/6.0 UNMAPPED_REMOTE_USER: ORIG_PATH_TRANSLATED: E:\Inetpub\airbrushshoppe\www\forms\hermes.php ORIG_PATH_INFO: /forms/hermes.php ORIG_SCRIPT_NAME: /forms/hermes.php SCRIPT_FILENAME: E:\Inetpub\airbrushshoppe\www\forms\hermes.php PHP_SELF: /forms/hermes.php