1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 10:05 pm May 4, 2026

Forum Moderators: open

Message Too Old, No Replies

Microsoft-WebDAV - What was this trying to do?

         

JAB Creations

8:21 pm on Apr 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What was this bot trying to do? My server is Linux/Apache so if it's related to the vulnerability I'd like to know.

Possibly related post...
[webmasterworld.com...]

xx.xx.100.197 - - [10/Apr/2006:02:27:56 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:57 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "OPTIONS / HTTP/1.1" 200 6876 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:58 +0000] "PROPFIND /downloads HTTP/1.1" 301 331 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
xx.xx.100.197 - - [10/Apr/2006:02:27:59 +0000] "PROPFIND /downloads/ HTTP/1.1" 404 12978 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"

- John

wilderness

4:31 pm on May 5, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



a Google on "propfind" will return info.

Another old Webamster World thread
[webmasterworld.com...]

JAB Creations

12:24 am on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wiki...

WebDAV
Web-based Distributed Authoring and Versioning
"aim is to make the World Wide Web a readable and writable medium"

PROPFIND
"...overloaded to allow one to retrieve the collection structure (a.k.a. directory hierarchy) of a remote system."

securityspace
IIS propfind DoS
"Performs a denial of service against IIS"

It could have been a possible DOS attack. I don't see any other reason for this happening.

- John

wilderness

12:58 am on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It could have been a possible DOS attack. I don't see any other reason for this happening.

John,
As I vaguely mentioned on the older thread, I've had these, from a visitor whose identity was confirmed and there was NOT any malicious intent.
Rather, this person accidentally performed some option in Front Page.

I've had so few of these instances over the years that they are not of any real concern to me.
On one occassion in which the process occurred multiple times from the same IP range (unknown identity), I notified both my web host and the visitors internet provider.

Don

bull

7:17 am on May 6, 2006 (gmt 0)

10+ Year Member 



<LimitExcept HEAD GET POST>
order deny,allow
deny from all
</LimitExcept>

will do just fine. Some of us may even not need POST.

Jan

volatilegx

6:01 pm on May 6, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



fantastic post, bull.

JAB Creations

7:33 am on May 7, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes thanks Jan!

- John

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 10:05 pm May 4, 2026