homepage Welcome to WebmasterWorld Guest from 54.163.72.86
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
Microsoft-WebDAV - What was this trying to do?
JAB Creations




msg:405481
 8:21 pm on Apr 27, 2006 (gmt 0)

What was this bot trying to do? My server is Linux/Apache so if it's related to the vulnerability I'd like to know.

Possibly related post...
[webmasterworld.com...]

xx.xx.100.197 - - [10/Apr/2006:02:27:56 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "OPTIONS / HTTP/1.1" 200 6876 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:59 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

- John

 

wilderness




msg:405482
 4:31 pm on May 5, 2006 (gmt 0)

a Google on "propfind" will return info.

Another old Webamster World thread
[webmasterworld.com...]

JAB Creations




msg:405483
 12:24 am on May 6, 2006 (gmt 0)

Wiki...

WebDAV
Web-based Distributed Authoring and Versioning
"aim is to make the World Wide Web a readable and writable medium"

PROPFIND
"...overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system."

securityspace
IIS propfind DoS
"Performs a denial of service against IIS"

It could have been a possible DOS attack. I don't see any other reason for this happening.

- John

wilderness




msg:405484
 12:58 am on May 6, 2006 (gmt 0)

It could have been a possible DOS attack. I don't see any other reason for this happening.

John,
As I vaguely mentioned on the older thread, I've had these, from a visitor whose identity was confirmed and there was NOT any malicious intent.
Rather, this person accidentally performed some option in Front Page.

I've had so few of these instances over the years that they are not of any real concern to me.
On one occassion in which the process occurred multiple times from the same IP range (unknown identity), I notified both my web host and the visitors internet provider.

Don

bull




msg:405485
 7:17 am on May 6, 2006 (gmt 0)

<LimitExcept HEAD GET POST>
order deny,allow
deny from all
</LimitExcept>

will do just fine. Some of us may even not need POST.

Jan

volatilegx




msg:405486
 6:01 pm on May 6, 2006 (gmt 0)

fantastic post, bull.

JAB Creations




msg:405487
 7:33 am on May 7, 2006 (gmt 0)

Yes thanks Jan!

- John

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved