Request for cmd.exe in log files

palmpal

2:12 pm on Jan 18, 2003 (gmt 0)

I have requests in my log files for "scripts" that contain cmd.exe. Do I need to worry about this? Do I ban the IP address?

jdMorgan

2:56 pm on Jan 18, 2003 (gmt 0)

palmpal,

Whether you need to worry depends very much on what kind of server you're on, and whether those files exist.

I believe this is the NIMDA virus attempting to propagate. It won't work if you're running an Apache or other non-MS server. It also won't work if you've got the latest MS server patches installed.

Jim

palmpal

5:47 pm on Jan 18, 2003 (gmt 0)

Thank you. My website is on an Apache server.

lorax

6:37 pm on Jan 18, 2003 (gmt 0)

It's not necessarily Nimda, as there are a number of viruses and hacks that use cmd.exe. Fortunately for you, it's a Windows-based issue. You might want to pass the info along to your host (unless you own the server) just to keep them in the loop. That IP may be worth watching.

Krapulator

10:16 pm on Jan 19, 2003 (gmt 0)

This is a common exploit attempt (Windows servers). There are many hackers with bots that will automatically hit a site with known vulnerabilities such as URL strings containing cmd.exe. I see hundreds of these a month on our server logs.

In the past I've tried emailing the ISPs of the originating IP address and never got a single response. I don't bother banning the IPs. I just continually make sure that the server is as secure and watertight as possible.
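
As an added illustration that is not part of any post in this thread: a short Python scan of an Apache access log for the cmd.exe requests discussed above, counting them per source IP and separating those answered with a 2xx status from the ones the server did not serve. The log lines, IP addresses and function names are constructed for the example, and treating a 2xx response as the case to investigate is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jan/2003:14:01:10 +0000] "GET /scripts/cmd.exe HTTP/1.0" 404 287 "-" "-"
203.0.113.7 - - [18/Jan/2003:14:01:11 +0000] "GET /scripts/%63md.exe HTTP/1.0" 404 287 "-" "-"
198.51.100.23 - - [18/Jan/2003:14:05:42 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.50 - - [19/Jan/2003:22:16:03 +0000] "GET /scripts/CMD.EXE HTTP/1.0" 200 1432 "-" "-"
198.51.100.23 - - [19/Jan/2003:22:20:00 +0000] "GET /docs/cmd.exe-faq.html HTTP/1.1" 200 900 "-" "Mozilla/4.0"
"""

# Client IP, request URL and status code from one access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
# cmd.exe as the final path component, after either slash style.
PROBE_RE = re.compile(r'(?:^|[/\\])cmd\.exe$')


def normalize(url, rounds=3):
    """Drop the query string, undo (possibly nested) percent-encoding, lowercase."""
    path = url.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def scan(log_text):
    """Return {ip: {"hits": n, "served": [urls answered with 2xx]}}."""
    report = defaultdict(lambda: {"hits": 0, "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, url, status = m.groups()
        if PROBE_RE.search(normalize(url)):
            report[ip]["hits"] += 1
            if status.startswith("2"):  # assumption: 2xx means something was served
                report[ip]["served"].append(url)
    return dict(report)


if __name__ == "__main__":
    for ip, info in sorted(scan(SAMPLE_LOG).items()):
        verdict = "REVIEW: server answered 2xx" if info["served"] else "noise (not served)"
        print(f"{ip}: {info['hits']} cmd.exe request(s), {verdict}")
```

Matching on the decoded final path component keeps ordinary pages such as the constructed `/docs/cmd.exe-faq.html` out of the report while still catching percent-encoded and upper-case variants.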