A rule in generic_attacks gives me:
[Wed Nov 05 17:02:47 2008] [error] [client 99.999.99.999] ModSecurity: Access
denied with code 501 (phase 2). Pattern match
"(?:\\b(?:(?:n(?:et(?:\\b\\W+?\\blocalgroup|\\.exe)|(?:map|c)\\.exe)|t(?:racer(?:oute|t)|elnet\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|f
Ever since we found and stopped a phishing site that had been planted
on our server to run as the default site under Apache, we have been under
constant attack. Presumably, the perpetrators did not appreciate that
we made their millions of scam emails ineffective.
So, today I just happen to get