Ok, Microsoft Frontpages has several security flaws, but that does not automatically mean that every request for _vti_<whatever> is done by a hacker or a script-kiddy. Have a look at the browser the client is using, if it's "MSFrontPage/X.Y" then please don't worry. But do worry if it's the only request for a link containing _vti* or if there is only one client (if it's not a proxy) requesting this url. Watch your system, but don't worry to much. regards, Stefan Peer -----Ursprüngliche Nachricht----- Von: Soeren Todt [mailto:sworn@gmx.net] Gesendet: Donnerstag, 31. Mai 2001 15:30 An: suse-security@suse.com; Thorsten Marquardt Betreff: Re: [suse-security] Strange apache log entry Hi, ----- Original Message ----- From: "Thorsten Marquardt" <thom@kaupp.chemie.uni-oldenburg.de> To: <suse-security@suse.com> Sent: Thursday, May 31, 2001 1:45 PM Subject: [suse-security] Strange apache log entry
my logfiles reports 404 requests to /_vti_bin/shtml.exe/_vti_rpc and similar.
Is this a kind of hacker attack?
Maybe you find it out by yourself using a search engine: http://www.google.de/search?q=_vti_bin%2Fshtml.exe%2F_vti_rpc++crack&hl=de&s afe=off then you get results like this: http://www.insecure.org/sploits/Microsoft.frontpage.insecurities.html Ciao Sören --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com