Here are a couple of hack attempts I have received in the past couple of days that maybe everyone should look for.

------------------start log-------------------------
63.21.73.249 - - [07/Jul/2001:04:58:43 -1000] "GET /cgi-bin/formmail.pl?recipient=casbird06@aol.com,pinnacledawg@aol.com&subject=http://www.sandust.org/cgi-bin/formmail.pl&email=PlatinumScan@hunter.com&=http://www.sandust.org/cgi-bin/formmail.pl skizan¹·º" 404 -
216.198.90.30 - - [06/Jul/2001:14:55:11 -1000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir" 404 -
------------------end log---------------------------

Both of these were in my web server access logs.

The first one is some yahoo checking my system for formmail.pl to send SPAM. I am not running formmail.pl so he got 404.

The second one is some junior script kiddie trying to use an IIS exploit on my OpenBSD/Apache system. MS IIS filters out ../ from URLs so people can't execute commands via your webserver by doing something like http://localhost/../../winnt/system32/cmd.exe?/(any command). But IIS only looks at ASCII characters. If you replace ../ with the unicode equivalent (..%c1%9c..) then the system will not filter it out and you can run commands on a Windows system. Typically people will run tftp from the Windows box to download backdoors.

Anyway, these are just some of the things to check for in your logs. I should read mine more often.

So I asked my accountant, do I get an agriculture exemption for my server farm?
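
One way to check an access log for the two kinds of request described in the post, as an added example that is not part of the original message. The function names `classify` and `overlong_ascii` are hypothetical, and the sample lines are constructed (documentation addresses, example.com) on the model of the two log entries above.

```python
import re
from urllib.parse import unquote_to_bytes

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')

def overlong_ascii(raw: bytes) -> str:
    """Return the ASCII characters hidden in 2-byte overlong UTF-8 sequences.
    Lead bytes C0/C1 can only encode code points below 0x80, so strict
    UTF-8 forbids them; a lenient decoder turns C1 9C into 0x5C."""
    found = []
    for i in range(len(raw) - 1):
        if raw[i] in (0xC0, 0xC1) and 0x80 <= raw[i + 1] <= 0xBF:
            found.append(chr(((raw[i] & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
    return "".join(found)

def classify(line: str) -> list:
    """Return the findings for one access-log line (empty list if clean)."""
    m = CLF.match(line)
    if not m:
        return ["unparseable line"]
    parts = m.group(3).split(" ")
    if len(parts) < 2:
        return ["malformed request"]
    path, _, query = parts[1].partition("?")
    raw = unquote_to_bytes(path)          # percent-decode without assuming UTF-8
    lowered = raw.lower()
    findings = []
    if lowered.endswith(b"/formmail.pl") and "recipient=" in query.lower():
        findings.append("formmail.pl relay probe")
    hidden = overlong_ascii(raw)
    if hidden:
        findings.append(f"overlong UTF-8 hiding {hidden!r}")
    if lowered.endswith(b"cmd.exe"):
        findings.append("cmd.exe request")
    return findings

# Constructed sample lines modelled on the two entries in the post.
SAMPLE = [
    '192.0.2.10 - - [07/Jul/2001:04:58:43 -1000] "GET /cgi-bin/formmail.pl?recipient=a@example.com&subject=x HTTP/1.0" 404 -',
    '192.0.2.20 - - [06/Jul/2001:14:55:11 -1000] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir" 404 -',
    '192.0.2.30 - - [06/Jul/2001:15:02:00 -1000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry) or ["clean"], entry.split('"')[1])
```

The status code is left out of the decision on purpose: a 404 means the probe missed this server, but the same request is still worth counting per source address.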