[thelist] Probing for IIS? _vti_bin ?

Tim Luoma luomat at peak.org
Mon Jul 8 09:50:01 CDT 2002


I'm getting a lot of 404 hits for people looking for /MSOffice or /_vti_*

I assume this is a probe for some sort of IIS exploit?

webalizer has an index.html file in a _vti_cnf/ folder -- can I get rid
of that safely?  (I'm not using FrontPage)


<tip type="Dealing with http security probes" author="Tim Luoma
http://www.tntluoma.com/">

I like to keep a close eye on my 404 pages to see what old links people
are using, so I get an email alert whenever someone hits a 404 page.

Rather than get 404 messages for probes looking for security holes, I
created a very basic page (no need to waste processor time on anything
complex) and redirect them using .htaccess, such as:

Redirect 301 /MSOffice
 http://www.tntluoma.com/microsoft/nomshere/
Redirect 301 /_vti_bin/owssvr.dll
http://www.tntluoma.com/microsoft/nomshere/

No more 404 log entries for them, and if I want to see how often it got
hit, I just check the access_log for
http://www.tntluoma.com/microsoft/nomshere/ (which isn't linked anywhere
else, so all hits are from this redirect).

</tip>







More information about the thelist mailing list