| 3:43 am on Nov 9, 2004 (gmt 0)|
No, that's frontpage extensions.
| 3:51 am on Nov 9, 2004 (gmt 0)|
I know, that's why I asked here. But that entire site was being downloaded by someone using Front Page last fall to swipe my kw and copy, and I don't even have FP extensions installed on any of my hosting. So how could FP extensions be showing up like that.
| 3:54 am on Nov 9, 2004 (gmt 0)|
|So how could FP extensions be showing up like that. |
Ask you server admin to do a trace on it.
| 4:07 am on Nov 9, 2004 (gmt 0)|
Marcia, what was the response code by the server? Post the entire line from the log file.
| 4:08 am on Nov 9, 2004 (gmt 0)|
I see something similar in my access_log files all the time. Usually its something like:
.. followed by the usual user agents, Mozilla (compatible; yadda..quack 4.01 ..
Sometimes this is followed by requests for form-mail stuff, all sent from
the same server. I have no form-mail at all.
I took a random .gif image and renamed it owssvr.dll,
(over the protestations of my operating system) and
uploaded that into my /vti-bin/ folder at the host.
That's so whoever it is doesn't go away completely empty handed.
I was going to take a .jpg image and rename it
cltreq.asp but I don't have an /MSOffice folder on my site.
Any suggestions? How about a table of random numbers?
| 4:16 am on Nov 9, 2004 (gmt 0)|
I forgot something:
With the sole exception of my perverted owssvr.dll file,
all the bogus requests return a 404 error.
Except for some tiny bandwidth, no harm done I suppose.
I would really like to know who does this and why in any case.
Somebody suggested email spammers once. and I'm hoping it isn't something even worse.
| 5:02 am on Nov 9, 2004 (gmt 0)|
I've got no /vti-bin/ on my hosting, but this is a different issue. I looked for the IP number, then remembered about checking it out at Sam Spade. It's a Verizon DSL user.
>>I'm hoping it isn't something even worse.
What I'm now figuring this is, seeing it's an ISP and looking again seeing that it's one section of the site, is that it was the pages being grabbed. Yahoo must have just updated, the site moved up from #3 to #1 for that keyword. So whoever it is must have decided they like it because apparently they went through that whole particular subdirectory on the site.
I'll have to keep tabs now, and I'm no techie but remembering the months of aggravation last year, if it's the same party, rather than disallow the whole IP again, it might be time to get a little creative.
| 5:20 am on Nov 9, 2004 (gmt 0)|
This thread [webmasterworld.com] and the link therein indicate that it's microsoft office with "web discussions" enabled.