Welcome to WebmasterWorld Guest from 23.23.46.20

Forum Moderators: Ocean10000 & incrediBILL

Microsoft-WebDAV - What was this trying to do?

   
8:21 pm on Apr 27, 2006 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



What was this bot trying to do? My server is Linux/Apache so if it's related to the vulnerability I'd like to know.

Possibly related post...
[webmasterworld.com...]

xx.xx.100.197 - - [10/Apr/2006:02:27:56 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "OPTIONS / HTTP/1.1" 200 6876 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:59 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

- John

4:31 pm on May 5, 2006 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



a Google on "propfind" will return info.

Another old Webamster World thread
[webmasterworld.com...]

12:24 am on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Wiki...

WebDAV
Web-based Distributed Authoring and Versioning
"aim is to make the World Wide Web a readable and writable medium"

PROPFIND
"...overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system."

securityspace
IIS propfind DoS
"Performs a denial of service against IIS"

It could have been a possible DOS attack. I don't see any other reason for this happening.

- John

12:58 am on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



It could have been a possible DOS attack. I don't see any other reason for this happening.

John,
As I vaguely mentioned on the older thread, I've had these, from a visitor whose identity was confirmed and there was NOT any malicious intent.
Rather, this person accidentally performed some option in Front Page.

I've had so few of these instances over the years that they are not of any real concern to me.
On one occassion in which the process occurred multiple times from the same IP range (unknown identity), I notified both my web host and the visitors internet provider.

Don

7:17 am on May 6, 2006 (gmt 0)

10+ Year Member



<LimitExcept HEAD GET POST>
order deny,allow
deny from all
</LimitExcept>

will do just fine. Some of us may even not need POST.

Jan

6:01 pm on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



fantastic post, bull.
7:33 am on May 7, 2006 (gmt 0)

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Yes thanks Jan!

- John

 

Featured Threads

Hot Threads This Week

Hot Threads This Month