Andy Dingley wrote:
> On Mon, 04 Oct 2004 16:10:45 +0100, Roy Schestowitz
> <newsgroups@schestowitz.com> wrote:
>
>>What is that M$ garbage?
>
> There's a whole family of attacks against web servers, and it looks
> like you're being probed.
>
> If you're running FPSE, then for every directory "foo" there's a
> foo\_vti_cnf\ beneath it. By guessing at the existence of this, and
> guessing that it contains various bits of M$oft binary crudware
> (because many servers do) then a script can make an automated attack
> on your server and many others too. It nearly always fails, but it's
> a very easy probe to test for - and they only need to catch a handful
> of vulnerable servers.
>
> You might like to watch the IP ranges that are doing this, maybe block
> them.

Thanks Andy. You have been extremely helpful. I spotted '\_vti_cnf\'
several times before and I was not able to make sense of it.
Roy
--
Roy Schestowitz
http://schestowitz.com
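
One way to act on the advice above about watching the IP ranges that send these probes, as an added example that is not part of the original thread: it scans access-log lines for requests naming a FrontPage `_vti_` directory and counts them per source /24. The log lines are constructed, Apache common log format is assumed, and matching the whole `_vti_*` family rather than only `_vti_cnf` goes beyond the one directory named in the post.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample: Apache common log format, documentation address ranges.
SAMPLE_LOG = """\
198.51.100.14 - - [04/Oct/2004:15:02:11 +0100] "GET /_vti_cnf/ HTTP/1.0" 404 209
198.51.100.14 - - [04/Oct/2004:15:02:12 +0100] "GET /images/_vti_cnf/ HTTP/1.0" 404 216
198.51.100.77 - - [04/Oct/2004:15:03:40 +0100] "GET /docs%5C_vti_cnf%5C HTTP/1.0" 404 214
203.0.113.5 - - [04/Oct/2004:15:04:02 +0100] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [04/Oct/2004:15:05:19 +0100] "GET /_VTI_BIN/ HTTP/1.0" 404 209
192.0.2.33 - - [04/Oct/2004:15:06:00 +0100] "GET /articles/vti_overview.html HTTP/1.1" 200 880
"""

# client address, request path and status code from one log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3})')
# a path component that starts with _vti_, after either kind of slash
FPSE_DIR = re.compile(r'[/\\]_vti_\w+', re.IGNORECASE)


def fpse_probes(log_text):
    """Yield (ip, decoded_path, status) for requests that name a _vti_ directory."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        ip, raw_path, status = m.groups()
        path = unquote(raw_path)  # %5C -> backslash, so encoded probes match too
        if FPSE_DIR.search(path):
            yield ip, path, int(status)


def probes_by_range(log_text, prefix_len=24):
    """Count probe requests per source network (IPv4 /24 by default)."""
    counts = Counter()
    for ip, _path, _status in fpse_probes(log_text):
        try:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        except ValueError:
            continue  # the log held a resolved hostname rather than an address
        counts[str(net)] += 1
    return counts


if __name__ == "__main__":
    for net, n in probes_by_range(SAMPLE_LOG).most_common():
        print(f"{net}\t{n} probe request(s)")
```
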