[thelist] Probing for IIS? _vti_bin ?
Tim Luoma
luomat at peak.org
Mon Jul 8 09:50:01 CDT 2002
I'm getting a lot of 404 hits for people looking for /MSOffice or /_vti_*
I assume this is a probe for some sort of IIS exploit?
webalizer has an index.html file in a _vti_cnf/ folder -- can I get rid
of that safely? (I'm not using FrontPage)
<tip type="Dealing with http security probes" author="Tim Luoma
http://www.tntluoma.com/">
I like to keep a close eye on my 404 pages to see what old links people
are using, so I get an email alert whenever someone hits a 404 page.
Rather than get 404 messages for probes looking for security holes, I
created a very basic page (no need to waste processor time on anything
complex) and redirect them using .htaccess, such as:
Redirect 301 /MSOffice
http://www.tntluoma.com/microsoft/nomshere/
Redirect 301 /_vti_bin/owssvr.dll
http://www.tntluoma.com/microsoft/nomshere/
No more 404 log entries for them, and if I want to see how often it got
hit, I just check the access_log for
http://www.tntluoma.com/microsoft/nomshere/ (which isn't linked anywhere
else, so all hits are from this redirect).
</tip>
More information about the thelist
mailing list