We host a blog, running on B2Evolution (Apache Linux), and I see one particular expoit attempt in our logs a great deal. It doesn't work against our blog instance, but since I see this attempted so often, I figure it either is effective against earlier versions of b2evolution, or perhaps against some other blog software. I see lots of variations of it, but they are all GET requests for something like: our.blog.url/index.php?blog=../../../../../../../etc/passwd Sometimes the URL variable name is different, or some other variation. Anyone know what blog software is or was vulnerable to this attack? Also, what are the most common attacks/probes you see against Apache webservers? I'm making a top five list. (I've read "High Fidelity", obviously) Thanks, E.B.W.