It's ok; in this case, you didn't really get "hit". You'll notice that all of the clients identified themselves as "MSFrontPage/4.0". This tells you that someone is trying to make changes to your web site. That IP resolves to a dial-up user in Italy (ppp-81-72.20-151.libero.it). The rest is inline... Jim Harrison MCP(NT4, W2K), A+, Network+, PCG ----- Original Message ----- From: "Danny" <uesse@xxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, October 29, 2001 01:52 Subject: [isalist] Look At this ! http://www.ISAserver.org This is what my ISA log file registered. There is 8 records. I don't understand what this user tried to do: 151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:37 MYSERVER - www.mydomain.com 10.1.2.3 80 - 366 245 http POST http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404 ====================================== POST ? What did he POST on my server ? * Nothing; notice the "404" response code. This means that ISA couldn't even find the resource ====================================== 151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25 10:12:38 MYSERVER - www.mydomain.com - 80 - 307 700 http GET http://10.1.2.3/myDefaultNoFlash.htm Cache 0 * "Cache 0" means that the request wasn't found anywhere, not even the cache 151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25 10:12:41 MYSERVER - www.mydomain.com - 80 - 297 1986 http GET http://10.1.2.3/_vti_inf.html Cache 0 151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:42 MYSERVER - www.mydomain.com 10.1.2.3 80 10 366 245 http POST http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404 151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25 10:12:43 MYSERVER - www.mydomain.com - 80 10 298 1055 http GET http://10.1.2.3/mynavigation.htm Cache 0 151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25 10:12:43 MYSERVER - www.mydomain.com - 80 - 297 1986 http GET http://10.1.2.3/_vti_inf.html Cache 0 151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:44 MYSERVER - www.mydomain.com 10.1.2.3 80 10 366 245 http POST http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404 151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25 10:12:44 MYSERVER - www.mydomain.com - 80 - 304 3530 http GET http://10.1.2.3/mysiteNoFlash.htm Cache 0 Please help me to understand all this ! Danny ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')