Forum Moderators: phranque


~/_vti_bin/shtml.dll/_vti_rpc


BravoTwoZero

8:37 am on May 15, 2003 (gmt 0)

10+ Year Member



Hello Everybody,

I am getting request queries like:

/_vti_bin/shtml.dll/_vti_rpc
/_vti_inf.html

I think these requests are trying for the root directory of the server! Can anybody explain further?

Thanking you in advance.

Bravo

keyplyr

3:47 pm on May 15, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I get about 10 to 20 kbytes of those a day myself. My opinion is that users are accessing through Front Page (FP), and have saved the site to desktop either for convenience, or to analyse or duplicate.

-OR-

Because I have so many of these requests from different IPs, I sometimes feel that my site has been hijacked to some remote FP enabled server, and they haven't bothered to switch over all the directory paths yet, but I have no other evidence of this.

Guess this is one of those areas where we just assume.

dkubb

4:10 pm on May 15, 2003 (gmt 0)

10+ Year Member



I've seen something like this before in my web server logs. I've read it is a Front Page type of request. However, if you don't use FP, or never have, it's most likely someone with an automated tool "probing" your site to see what software your site runs, and checking for known vulnerabilities.

I'd bet if you search for the IP addresses that sent this request, you'll find a bunch of other strange requests fired off in rapid succession. This is usually the pattern I notice when someone probes my sites.

If you don't see a "rapid-fire" sequence of requests in the server logs, it could just be an honest mistake.
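The check dkubb describes above, sketched in Python as an added example that is not part of the original thread: for each IP that requested a FrontPage path, count the other distinct paths it hit within a few seconds. The log lines are constructed samples in Apache common log format, and the 10-second window and threshold of 2 are assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IPs, placeholder paths).
SAMPLE_LOG = """\
203.0.113.7 - - [15/May/2003:08:37:01 +0000] "GET /_vti_inf.html HTTP/1.0" 404 210
203.0.113.7 - - [15/May/2003:08:37:01 +0000] "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.0" 404 225
203.0.113.7 - - [15/May/2003:08:37:02 +0000] "GET /constructed-path-a HTTP/1.0" 404 208
203.0.113.7 - - [15/May/2003:08:37:03 +0000] "GET /constructed-path-b HTTP/1.0" 404 212
198.51.100.20 - - [15/May/2003:09:02:10 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.20 - - [15/May/2003:09:05:44 +0000] "GET /_vti_inf.html HTTP/1.1" 404 210
192.0.2.55 - - [15/May/2003:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
FP_PATHS = ("/_vti_bin/", "/_vti_inf.html")  # the paths quoted in this thread

def parse(log_text):
    """Return {ip: [(timestamp, path), ...]} for every parseable line."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, ts, _method, path, _status = m.groups()
        by_ip[ip].append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path))
    return by_ip

def classify(log_text, window_s=10, min_other=2):
    """Label each IP that requested a FrontPage path as rapid-fire or isolated."""
    window = timedelta(seconds=window_s)
    verdicts = {}
    for ip, hits in parse(log_text).items():
        fp_times = [t for t, p in hits if p.startswith(FP_PATHS)]
        if not fp_times:
            continue  # this IP never asked for a FrontPage path
        # Other distinct paths requested close in time to a FrontPage request.
        others = {p for t, p in hits if not p.startswith(FP_PATHS)
                  and any(abs(t - f) <= window for f in fp_times)}
        verdicts[ip] = "rapid-fire" if len(others) >= min_other else "isolated"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```
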

lorax

4:17 pm on May 15, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



While I'm not sure about those particular requests, I do know that there used to be a security issue with FP Server Extensions (loaded on the web server) if not set up properly, in that if you logged into your website using FP you could switch to, view, and even edit the FP files of another FP site. We busted a couple of enterprising youths that were exploring a hastily set up FP server once using this technique.

BravoTwoZero

8:26 am on May 16, 2003 (gmt 0)

10+ Year Member



Thank you so much guys for your kind replies. I am 80% sure that we have moved the FP extension from our web server. It will be better for me to keep an eye on it for a while. I will use whatever is required to stop these requests coming. It's been a while that I have been getting these requests, and better safe than sorry. I probably sound extra careful!

Many thanks again to all of you. I have got a better vision.

Bravo

catch2948

4:34 am on May 19, 2003 (gmt 0)

10+ Year Member



Have been getting many of the same on a daily basis ...

My simple cure? I delete all of the "_vti_*" dirs, then use an htaccess redirect to say that the server no longer supports Frontpage Extensions ...

BravoTwoZero

2:55 pm on May 19, 2003 (gmt 0)

10+ Year Member



Thank you very much catch2948. Your information is helpful.

Many Thanks.

Bravo