charle97 Posted December 28, 2003 Posted December 28, 2003 i'm seeing some odd 404 errors in my logs as listed below: >/_vti_bin/owssvr.dll /MSOffice/cltreq.asp /hciChannels.opml /new/newsubs.opml /w3c/p3p.xml /mySubscriptions.opml /gems/mySubscriptions.opml /MySubscriptions.opml is any of the above legitimate? should i ip ban when any of the above is requested? Quote
TCH-Dick Posted December 28, 2003 Posted December 28, 2003 opml is Outline Processor Markup Language, a variation of XML /_vti_bin/owssvr.dll is usually a hacking attempt but since it is also paired up with /MSOffice/cltreq.asp, that would indicate someone whos PC is infected with the Nimda virus is accessing your site. OR if someine using IE and has the Discussion "feature" turned on in the tool bar it will also sometimes query your site for those files. If its a hacking attemot it will only work if your site was done with front page and you left it wide open, if it was an infected PC you have nothing to worry about since we run linux servers. If it was the discussion feature in IE, again nothing to worry about. I'm not sure about the opml files Quote
youneverknow Posted December 28, 2003 Posted December 28, 2003 What do you mean when you say If its a hacking attemot it will only work if your site was done with front page and you left it wide open Does wide open mean the discussion feature is enabled in FP? Thanks, Doug Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.