This is up on #debian's info bot: http://www.stone.nu/projects/python_scripts/code_red_warn.py.gz The script goes through your access.log, finds the ip from any default.ida requests, and then sends a http request to the hacked box, forcing root.exe to start a browser on the users system that directs them to a warning page. It's neat. Not legal I'm sure, but neat non the less. Andrew S. Zbikowski | http://www.ringworld.org "We can learn much more from wise words, little from wisecracks and less from wise guys." --William Arthur Ward