Re: Look At this !

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 29 Oct 2001 06:12:04 -0800

It's ok; in this case, you didn't really get "hit".  You'll notice that all
of the clients identified themselves as "MSFrontPage/4.0".  This tells you
that someone is trying to make changes to your web site.
That IP resolves to a dial-up user in Italy (ppp-81-72.20-151.libero.it).
The rest is inline...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG

----- Original Message -----
From: "Danny" <uesse@xxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 29, 2001 01:52
Subject: [isalist] Look At this !


http://www.ISAserver.org


This is what my ISA log file registered.
There is 8 records.
I don't understand what this user tried to do:
151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:37 MYSERVER -
www.mydomain.com 10.1.2.3 80 - 366 245 http POST
http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404

======================================
POST ? What did he POST on my server ?
* Nothing; notice the "404" response code.  This means that ISA couldn't
even find the resource
======================================

151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25
10:12:38 MYSERVER - www.mydomain.com - 80 - 307 700 http GET
http://10.1.2.3/myDefaultNoFlash.htm Cache 0

* "Cache 0" means that the request wasn't found anywhere, not even the cache

151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25
10:12:41 MYSERVER - www.mydomain.com - 80 - 297 1986 http GET
http://10.1.2.3/_vti_inf.html Cache 0

151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:42 MYSERVER -
www.mydomain.com 10.1.2.3 80 10 366 245 http POST
http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404

151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25
10:12:43 MYSERVER - www.mydomain.com - 80 10 298 1055 http GET
http://10.1.2.3/mynavigation.htm Cache 0

151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25
10:12:43 MYSERVER - www.mydomain.com - 80 - 297 1986 http GET
http://10.1.2.3/_vti_inf.html Cache 0

151.20.72.81 anonymous MSFrontPage/4.0 2001-10-25 10:12:44 MYSERVER -
www.mydomain.com 10.1.2.3 80 10 366 245 http POST
http://10.1.2.3/_vti_bin/shtml.dll/_vti_rpc Inet 404

151.20.72.81 anonymous Mozilla/2.0 (compatible; MS FrontPage 4.0) 2001-10-25
10:12:44 MYSERVER - www.mydomain.com - 80 - 304 3530 http GET
http://10.1.2.3/mysiteNoFlash.htm Cache 0

Please help me to understand all this !

Danny




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2001