phprojekt and .smi annoyance

[excalibur]

Hello,

1. Recently I'm getting lots of 404 due to '/phprojekt/lib/lib.inc.php' and 'phprojekt/lib/layout/venus/venus.php' appended to valid URL's.

2. I run .wma clips. However there are lots of 404 due to replaced clip extension i.e. file-name.wma to file-name.smi
file-name is always an existing file in my site.

Of course I don't use neither phprojekt nor .smi files.

I don't know what causes the phprojekt nuisance but I know it's as ubiquitous as the MS Office pest. Some one told me that phprojekt could be used to stole content, it's that true? And what about the .smi replacement? The last one is driving me mad. Other than that there seems to be no harm, but in order to fight an enemy you must know him.
Thanks

[the_ancient]

Hello,

1. Recently I'm getting lots of 404 due to '/phprojekt/lib/lib.inc.php' and 'phprojekt/lib/layout/venus/venus.php' appended to valid URL's.

2. I run .wma clips. However there are lots of 404 due to replaced clip extension i.e. file-name.wma to file-name.smi
file-name is always an existing file in my site.

Of course I don't use neither phprojekt nor .smi files.

I don't know what causes the phprojekt nuisance but I know it's as ubiquitous as the MS Office pest. Some one told me that phprojekt could be used to stole content, it's that true? And what about the .smi replacement? The last one is driving me mad. Other than that there seems to be no harm, but in order to fight an enemy you must know him.
Thanks

phpProjekt is a Open Source Project Management Application, if you dont use it, uninstall/delete it. NOW..

if file extensions are being changed, with out your permission/knowledge. someone it changing them.

Check your file permissions and change all of your passwords, Update any 3rd party programs etc

Files don't just appear and file extensions don't just change themselves

[excalibur]

the_ancient,

Nope, I don't use nor have installed phprojekt and nobody have changed my extensions.
Sorry for my misleading question.

The problem is a useragent requests pages that don't exist appending '/phprojekt/lib/lib.inc.php' to a valid URL.
Let's say the valid URL is 'www.mysite.com/dir/file.html' and the useragent requests 'www.mysite.com/dir/file.html/phprojekt/lib/lib.inc.php'
or
'www.mysite.com/dir/file.html/phprojekt/lib/layout/venus/venus.php'
thus generating a 404 error.

Related to the .smi, let's say the valid URL is 'www.mysite.com/wma/file.wma' and the useragent request 'www.mysite.com/wma/file.smi' in other words the useragent replace the extension and a 404 pops up.

So, both are two different issues.

[jason]

The phpprojekt issue is probably just a trolling expidition. Someone has a script that it hitting your site (and probably thousands of others) in the hopes that you are running an exploitable version of phpprojekt. If they got a real hit they'd be able to break in, but since you don't have the software installed there is nothing to worry about aside from the annoyance of 404 records in your logs. These kinds of attacks happen all the time for all types of software (formmail, MS Internet Information Services, and several forum software packages being the most targeted historically, I'd guess).

SMI files are files that contain additional information, such as captions, to go along with your WMV files. So what's happening here is that the client's movie player is just checking to see if there is additional content available when it downloads the video. Again, harmless.

--Jason

[the_ancient]

the_ancient,

Nope, I don't use nor have installed phprojekt and nobody have changed my extensions.
Sorry for my misleading question.

The problem is a useragent requests pages that don't exist appending '/phprojekt/lib/lib.inc.php' to a valid URL.
Let's say the valid URL is 'www.mysite.com/dir/file.html' and the useragent requests 'www.mysite.com/dir/file.html/phprojekt/lib/lib.inc.php'
or
'www.mysite.com/dir/file.html/phprojekt/lib/layout/venus/venus.php'
thus generating a 404 error.

Related to the .smi, let's say the valid URL is 'www.mysite.com/wma/file.wma' and the useragent request 'www.mysite.com/wma/file.smi' in other words the useragent replace the extension and a 404 pops up.

So, both are two different issues.

ahhhhh I understand now, like jason said above, I would not worry about

[excalibur]

Thanks Jason and the_ancient. Jason as always you're right and to the point. Yes, I a few minutes ago i found some info on the smi files and as you said it's harmless and somewhat useful if used (needed).
Regarding the phprojekt it's a harassment. I get lots of hits from Europe daily.
the_ancient, again sorry for the faulty question.