homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

unknown POST action
can anyone tell me what this all about?

 2:22 am on May 1, 2001 (gmt 0) - - [30/Apr/2001:20:50:49 -0400] "GET /_vti_inf.html HTTP/1.1" 404 219 "-" "Mozilla/2.0 (compatible; MS FrontPage 4.0)" - - [30/Apr/2001:20:50:50 -0400] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 233 "-" "MSFrontPage/4.0"

whats with this?



 2:42 am on May 1, 2001 (gmt 0)

I've been getting hit like that and they're scanning with some kind of bot too. Probably some hacker punks from China ridin the wave of publicity. Been going on like that for two weeks.


 3:10 am on May 1, 2001 (gmt 0)

that's weak, if they're going to hit my site with a text editor at least they should do it with something I can optimize for.


 4:12 am on May 1, 2001 (gmt 0)

Looks like somebody importing parts/all of your site into Frontpage on their computer. Are you getting hits for the whole site or only a few pages?



 5:15 am on May 1, 2001 (gmt 0)

that's it, and I have no idea what that file extension leads to I don't have any pages with that ending, it's beyond me what they're after.


 5:34 am on May 1, 2001 (gmt 0)

Those files ( _vti_inf.html and _vti_bin/.shtml.ext/_vti_rpc ) are files that FP uses. _vti_inf.htm contains configuration information that the FrontPage Explorer and FrontPage Editor need to communicate with the FrontPage server extensions installed on the web server. It looks like someone is scanning for sites that are using FP, and trying to exploit some of its security holes.


 6:30 am on May 1, 2001 (gmt 0)

Yeah. About 2 weeks ago I started getting the exact hits across multiple domains from a telco in China. I alerted the hosting company but since I dont use FP they aren't gonna find any of that stuff. They have some type of script that leaves a spider footprint too.

Probably just "script kiddies"...I don't know what you can do with a vti folder anyway...anyone ever hear of an exploit that way?


 7:07 am on May 1, 2001 (gmt 0)

A certain someone who recently posted on another thread also tries to find weaknesses using FrontPage extensions. Same China connection too.

I agree, it's a feeble attempt but any security breach should be held seriously.

Sedir, You are being hit from Malasia:

Rights restricted by copyright. See [apnic.net...]

inetnum: -
netname: TMNET-MY
descr: TMnet Telekom Malaysia
country: MY
admin-c: TA35-AP
tech-c: TA35-AP
mnt-by: APNIC-HM
mnt-lower: TM-NET-AP
changed: hostmaster@apnic.net 20000529
source: APNIC

role: TMNET IP Administrators
address: 12-3, 4th Floor, Block C5, CCL Plaza,
address: Jalan SS6/12, Kelana Jaya
address: 47301 Petaling Jaya. Selangor
country: MY
phone: +603-7043106
fax-no: +603-7042204
e-mail: ainol@tm.net.my
trouble: abuse@tm.net.my
trouble: noc@tm.net.my
trouble: tmcops@tm.net.my
trouble: dnsteam@tm.net.my
admin-c: AS115-AP
tech-c: AS115-AP
tech-c: EU3-AP
tech-c: SM135-AP
nic-hdl: TA35-AP
mnt-by: TM-NET-AP
changed: hostmaster@apnic.net 20010124
source: APNIC

Just a hunch BH, but does this IP (or host)look familiar:


 7:42 am on May 1, 2001 (gmt 0)

Can't say it's exactly the same one but it comes from the same country ;)

GEM100 seems to be on your mind alot FroggyMan....

I'll be glad when all this chest beating rhetoric stuff gets over with. Neither country really has any intention of fighting the other.

If you think about it over the last 10 we have so intertwined ourselves economically and politically with China and Russia ( who gets the space station in the event of a war with Russia?) that it seems like it would be difficult to have a war. Maybe thats exactly what we're supposed to think?

Maybe Woz can enlighten us on the state of the attitude amongst the "little people" (pun intended) in China toward the US?


 11:37 am on May 26, 2001 (gmt 0)

Ok, look, what does GEM100 (THAT IS ME) has to do with all that???


 11:39 am on May 26, 2001 (gmt 0)

And who is Froggy??????? I mean I don't seem to even know him/her ...

Global Options:
 top home search open messages active posts  

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved