| 2:42 am on May 1, 2001 (gmt 0)|
I've been getting hit like that and they're scanning with some kind of bot too. Probably some hacker punks from China ridin the wave of publicity. Been going on like that for two weeks.
| 3:10 am on May 1, 2001 (gmt 0)|
that's weak, if they're going to hit my site with a text editor at least they should do it with something I can optimize for.
| 4:12 am on May 1, 2001 (gmt 0)|
Looks like somebody importing parts/all of your site into Frontpage on their computer. Are you getting hits for the whole site or only a few pages?
| 5:15 am on May 1, 2001 (gmt 0)|
that's it, and I have no idea what that file extension leads to I don't have any pages with that ending, it's beyond me what they're after.
| 5:34 am on May 1, 2001 (gmt 0)|
Those files ( _vti_inf.html and _vti_bin/.shtml.ext/_vti_rpc ) are files that FP uses. _vti_inf.htm contains configuration information that the FrontPage Explorer and FrontPage Editor need to communicate with the FrontPage server extensions installed on the web server. It looks like someone is scanning for sites that are using FP, and trying to exploit some of its security holes.
| 6:30 am on May 1, 2001 (gmt 0)|
Yeah. About 2 weeks ago I started getting the exact hits across multiple domains from a telco in China. I alerted the hosting company but since I dont use FP they aren't gonna find any of that stuff. They have some type of script that leaves a spider footprint too.
Probably just "script kiddies"...I don't know what you can do with a vti folder anyway...anyone ever hear of an exploit that way?
| 7:07 am on May 1, 2001 (gmt 0)|
A certain someone who recently posted on another thread also tries to find weaknesses using FrontPage extensions. Same China connection too.
I agree, it's a feeble attempt but any security breach should be held seriously.
Sedir, You are being hit from Malasia:
Rights restricted by copyright. See [apnic.net...]
inetnum: 18.104.22.168 - 22.214.171.124
descr: TMnet Telekom Malaysia
changed: email@example.com 20000529
role: TMNET IP Administrators
address: 12-3, 4th Floor, Block C5, CCL Plaza,
address: Jalan SS6/12, Kelana Jaya
address: 47301 Petaling Jaya. Selangor
changed: firstname.lastname@example.org 20010124
Just a hunch BH, but does this IP (or host)look familiar:
| 7:42 am on May 1, 2001 (gmt 0)|
Can't say it's exactly the same one but it comes from the same country ;)
GEM100 seems to be on your mind alot FroggyMan....
I'll be glad when all this chest beating rhetoric stuff gets over with. Neither country really has any intention of fighting the other.
If you think about it over the last 10 we have so intertwined ourselves economically and politically with China and Russia ( who gets the space station in the event of a war with Russia?) that it seems like it would be difficult to have a war. Maybe thats exactly what we're supposed to think?
Maybe Woz can enlighten us on the state of the attitude amongst the "little people" (pun intended) in China toward the US?
| 11:37 am on May 26, 2001 (gmt 0)|
Ok, look, what does GEM100 (THAT IS ME) has to do with all that???
| 11:39 am on May 26, 2001 (gmt 0)|
And who is Froggy??????? I mean I don't seem to even know him/her ...