Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Is the following a hack attempt?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
blith
Client



Joined: Jul 18, 2003
Posts: 977
PostPosted: Fri Dec 02, 2005 9:30 am Reply with quote
Why would someone try to see these files?
Code:
File does not exist: /home/*******/public_html/MSOffice/cltreq.asp


File does not exist: /home/*******/public_html/_vti_bin/owssvr.dll
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Fri Dec 02, 2005 9:35 am Reply with quote
Yep. But only a problem if you use a winblows server ROTFL
 
View user's profile Send private message
blith
PostPosted: Fri Dec 02, 2005 9:38 am Reply with quote
Thanks Raven. Sentinel did not stop this. Another thing these came from an IP at Ft Campbell. Right on the base!!
 
Raven
PostPosted: Fri Dec 02, 2005 9:54 am Reply with quote
NukeSentinel is not supposed to stop that. NukeSentinel guards against XSS and SQL injections. Not winblows exploits.
 
blith
PostPosted: Fri Dec 02, 2005 10:32 am Reply with quote
Thank you kind sir!
 
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
PostPosted: Fri Dec 02, 2005 4:17 pm Reply with quote
blith
Be happy if you have only these two 404 files because there are a lot more. I found in my logfile analyzer e.g.:


/MSOffice/cltreq.asp
/_vti_inf.html
/_vti_bin/shtml.exe/_vti_rpc
/_vti_bin/_vti_aut/author.exe
/_vti_bin/_vti_aut/author.dll



But there are many results in "google" about this. See also: [ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
blith
PostPosted: Fri Dec 02, 2005 4:30 pm Reply with quote
Susann wrote:
blith
Be happy if you have only these two 404 files because there are a lot more. I found in my logfile analyzer e.g.:


/MSOffice/cltreq.asp
/_vti_inf.html
/_vti_bin/shtml.exe/_vti_rpc
/_vti_bin/_vti_aut/author.exe
/_vti_bin/_vti_aut/author.dll



But there are many results in "google" about this. See also: [ Only registered users can see links on this board! Get registered or login! ]


Oh so this is not a bad thing... okay cool

Quote:
Friendly. You're being visited by a user who has installed Microsoft Office and Internet Explorer, and who has enabled the "Discuss" toolbar in his browser. When that toolbar is enabled, the browser will automatically query for these two files when visiting each site, to determine whether the Office Server Extensions are installed.
 
Susann
PostPosted: Fri Dec 02, 2005 4:34 pm Reply with quote
Yes its not bad like others e.g. /ultramode.txt/xmlrpc.php

xmlrpc.php found this also in my analyzer. It´s no security risk for php-nuke and wordpress if I remember correctly but for some other cms.


I find the 404 files always interesting.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©