Apache error/access logs

Jonathan Hutchins hutchins at tarcanfel.org
Thu Jan 23 15:04:33 CST 2003


You're not exactly being scanned, those are exploit attempts, probably by an
infected computer somewhere.  As far as the firewall is concerned they are
legitimate HTML requests for your server - it doesn't know what you serve.
You'll also see a lot of requests that are trying to find executable
scripts, mostly on Windows (you'll see the path), some on Linux.  I think
some of those are 'nimda'.

Some people trap those requests, grab the IP and block it at the firewall,
especially if it's on the same machine.

A reliable source claims the average life of an un-patched MS IIS server on
the internet is about one minute; un-patched Unix about ten hours.
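
Added example, not part of the original post: one way to do the "trap those requests, grab the IP and block it" step over an Apache access log in Common Log Format. The probe paths (cmd.exe, root.exe), the two-hit threshold, the sample log lines and the iptables rule format are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" \d{3} \S+')

# Assumed signatures: Windows executables a Unix Apache host never serves.
PROBE = re.compile(r"/(cmd|root)\.exe", re.IGNORECASE)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Jan/2003:14:01:07 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
192.0.2.10 - - [23/Jan/2003:14:01:08 -0600] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290
198.51.100.7 - - [23/Jan/2003:14:03:40 -0600] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
203.0.113.5 - - [23/Jan/2003:14:05:12 -0600] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [23/Jan/2003:14:05:30 -0600] "-" 408 -
pc7.example.net - - [23/Jan/2003:14:06:01 -0600] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
pc7.example.net - - [23/Jan/2003:14:06:02 -0600] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 404 275
"""


def probing_hosts(log_text, min_hits=2):
    """Return sorted IPs that requested a probe path at least min_hits times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # not a Common Log Format line
        host, request = m.groups()
        parts = request.split()
        if len(parts) < 2:
            continue  # empty or malformed request such as "-"
        if PROBE.search(parts[1]):
            hits[host] += 1
    blocked = []
    for host, count in hits.items():
        try:
            ipaddress.ip_address(host)  # skip reverse-DNS names; only literal IPs go into rules
        except ValueError:
            continue
        if count >= min_hits:
            blocked.append(host)
    return sorted(blocked)


def drop_rules(hosts):
    """Render one iptables DROP rule per address (assumes an iptables firewall)."""
    return [f"iptables -A INPUT -s {h} -j DROP" for h in hosts]


if __name__ == "__main__":
    print("\n".join(drop_rules(probing_hosts(SAMPLE_LOG))))
```

The threshold keeps a single stray request from triggering a block, and hosts logged by name are left for manual review rather than written into a rule.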



