On 31-May-01 Peer Stefan wrote:
Ok, Microsoft Frontpages has several security flaws, but that does not automatically mean that every request for _vti_<whatever> is done by a hacker or a script-kiddy.
Well, not *every* request, but there are *some*. That�s enough for being worried, isn�t it.
Have a look at the browser the client is using, if it's "MSFrontPage/X.Y" then please don't worry. But do worry if it's the only request for a link containing _vti* or if there is only one client (if it's not a proxy) requesting this url.
Watch your system, but don't worry to much.
IMHO such suggestions are somewhat misleading. At last, this is a security mailing list we�re posting in, and a certain amount of paranoia seems to be appropriate considering the current lack of (inter)network security we�re confronted with all day. Sometimes I wish some of �dem (security-)admins would be just a little more agressive towards security incidents of *any* kind, even if they (the incidents) would end up being harmless. Sorry for the rant...;)
regards, Stefan Peer
-----Urspr�ngliche Nachricht----- Von: Soeren Todt [mailto:sworn@gmx.net] Gesendet: Donnerstag, 31. Mai 2001 15:30 An: suse-security@suse.com; Thorsten Marquardt Betreff: Re: [suse-security] Strange apache log entry
Hi,
----- Original Message ----- From: "Thorsten Marquardt"
To: Sent: Thursday, May 31, 2001 1:45 PM Subject: [suse-security] Strange apache log entry my logfiles reports 404 requests to /_vti_bin/shtml.exe/_vti_rpc and similar.
Is this a kind of hacker attack? [...]
---
Boris Lorenz