While building the web performance analytics system at Yahoo!, I took on a daily task to look through access log lines that our parsers didn't like. Things like strange user agent strings, strange referrers, etc. We'd find all sorts of injection attempts in the User-Agent. SQLi, XSS, Shell injection, windows executable injection. Attackers tried whatever they could.
