weird site access.. help if you can.

[dtupes]

Does anyone know what someone was trying to do when they accessed my website via the following:


"GET /_vti_inf.html HTTP/1.1" 404 13 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)"

"POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 13 "-" "MSFrontPage/4.0"


These are not the entire log record .. just the part I thought might be useful.


I would appreciate anyones input.



The same IP address has previously accessed our site attempting to read WPAD, or something, files..



Thanks,

David

[jason]

Those entries are bots looking for vulnerabilities in Windows servers. The machine that is hitting you may have a virus on it so that the owner doesn't even know that that stuff is happening. Anyway, these aren't Windows servers, so there's nothing that you have to worry about and you can safely ignore those entries.

If you search around the boards, you'll see some elaborate mechanisms that people have put in place to track those kinds of hits and "report them to the authorities" (I don't know if they ever actually do), but personally, I just ignore them.

--Jason

[dtupes]

Thanks for the info.. In the meantime I tracked down the owner of the website at the domain it was comming from and it turns out he is running an internal network at his house and has something named the same as my domain.. he said he was surprised to start seeing stuff from my site showing up and had been scratching his head trying to figure it out.

Thanks again.