kaseytraeger
Posted July 13, 2004

I just read through my error logs and found the following segment.

[Tue Jul 13 10:01:33 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/404.shtml
[Tue Jul 13 10:01:33 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/MSOffice/cltreq.asp
[Tue Jul 13 10:01:31 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/404.shtml
[Tue Jul 13 10:01:31 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/_vti_bin/owssvr.dll
[Tue Jul 13 00:15:24 2004] [error] [client 64.175.239.176] File does not exist: /home/cpanelname/public_html/404.shtml
[Tue Jul 13 00:15:24 2004] [error] [client 64.175.239.176] File does not exist: /home/cpanelname/public_html/favicon.ico
[Mon Jul 12 22:31:37 2004] [error] [client 69.144.130.119] File does not exist: /home/cpanelname/public_html/401.shtml

I'm concerned about the requests on lines (2) and (4) for /MSOffice/cltreq.asp and /_vti_bin/owssvr.dll on my blog, located in public_html/doggydiaries/

Does anyone see any reason for me to be alarmed? Why would someone be looking for those files?

TCH-Rob
Posted July 13, 2004

This is due to being visited by a user who has installed Microsoft Office and Internet Explorer, and who has enabled the "Discuss" toolbar in his browser. When that toolbar is enabled, the browser will automatically query for these two files when visiting each site, to determine whether the Office Server Extensions are installed.

kaseytraeger (Author)
Posted July 13, 2004

Thanks, Rob. That's handy information to know. I wasn't sure if it was someone trying to look for a backdoor into my site or what...

[Edit added 13-Jul-04, 09:55 PDT] Raul, thanks for the tip. I'll definitely be watching this. I certainly wouldn't want to be hacked!

borfast
Posted July 13, 2004 (edited)

Sorry, I accidentally deleted my post (wanted to edit it but clicked the "delete" button - I did find it strange that it asked me if I did want to edit my post....). It basically said something like this:

Kasey, that may be a script kiddy trying to find some known vulnerabilities in your site. There are some tools that automate the search for vulnerable scripts and such. But I wouldn't worry too much about it, because those programs usually search for rather old vulnerabilities which no longer pose any danger.

Note that I'm not saying that you shouldn't keep an eye out but those guys usually try a couple of those tools and then give up because they don't have the knowledge to hack into a server ;)

Edited July 13, 2004 by TCH-Raul
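
An added example, not part of the thread and not posted by any participant: a small Python triage of the "File does not exist" entries quoted in the first post, separating the Office toolbar lookups described in the replies from misses that no known pattern explains. The labels, the function names, the treatment of NNN.shtml as a missing custom error page, and the last sample line are assumptions of this example.

```python
import re
from collections import defaultdict

DOCROOT = "/home/cpanelname/public_html"  # prefix as it appears in the quoted log
# The two paths the thread attributes to the Office "Discuss" toolbar.
OFFICE_TOOLBAR = ("/MSOffice/cltreq.asp", "/_vti_bin/owssvr.dll")

# First four lines are from the first post; the last line is constructed
# (192.0.2.10 is a documentation address, old-page.html is made up).
SAMPLE_LOG = """\
[Tue Jul 13 10:01:33 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/MSOffice/cltreq.asp
[Tue Jul 13 10:01:31 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/404.shtml
[Tue Jul 13 10:01:31 2004] [error] [client 12.172.138.253] File does not exist: /home/cpanelname/public_html/doggydiaries/_vti_bin/owssvr.dll
[Tue Jul 13 00:15:24 2004] [error] [client 64.175.239.176] File does not exist: /home/cpanelname/public_html/favicon.ico
[Tue Jul 13 11:20:05 2004] [error] [client 192.0.2.10] File does not exist: /home/cpanelname/public_html/doggydiaries/old-page.html
"""

# \s* between the fields tolerates logs where the separating space was lost.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s*\[error\]\s*\[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)"
)

def classify(path):
    """Label one missing-file path. The labels are this example's own."""
    rel = path[len(DOCROOT):] if path.startswith(DOCROOT) else path
    if rel.endswith(OFFICE_TOOLBAR):
        return "office-toolbar"
    if re.search(r"/\d{3}\.shtml$", rel):
        return "error-page"   # assumption: lookup of a missing custom error document
    if rel.endswith("/favicon.ico"):
        return "favicon"      # browsers request this on their own
    return "review"

def triage(log_text):
    """Return {client_ip: {label: [paths]}} for every 'File does not exist' line."""
    result = defaultdict(lambda: defaultdict(list))
    for m in LINE_RE.finditer(log_text):
        result[m["ip"]][classify(m["path"])].append(m["path"])
    return {ip: dict(labels) for ip, labels in result.items()}

def clients_to_review(log_text):
    """Clients with at least one miss that none of the known patterns explain."""
    return sorted(ip for ip, labels in triage(log_text).items() if "review" in labels)
```

Running `clients_to_review` over a full error log leaves only the clients whose misses are not explained by the toolbar, error-page or favicon patterns.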