Security exploit attempts - Strange 404 Requests?

         

hanuman

10:39 am on Jun 10, 2002 (gmt 0)

10+ Year Member



My site logs show strange 404 requests to favicon.ico, formmail.pl and for various MS Office related files.

Are these security exploit attempts? How can I use the .htaccess and RewriteCond to send them away to a block.htm?

thanks
hanuman

starec

11:11 am on Jun 10, 2002 (gmt 0)

10+ Year Member



Formmail script is prone to abuse by spammers. So they just go around looking for it. If you don't have it, you are fine.

The favicon-related 404s are nothing to worry about. It happens every time people try to bookmark your favicon-less site.

I don't know much about those MS Office 404s. If your server is MS based, make sure all security patches are in place. If you are *nix, you can safely ignore them.

hanuman

1:15 pm on Jun 10, 2002 (gmt 0)

10+ Year Member



Thanks! My site is running on Linux Red Hat. I have 50K of documents and it is really irritating to see all those 404 errors.

I do not use formmail :-)

Thanks
Hanuman

scotty

1:23 pm on Jun 10, 2002 (gmt 0)

10+ Year Member



I get MS Office related 404 errors when someone opened the office files (.doc/.xls/etc) hosted on the server (a Linux+Apache in my case). I *guess* there is some special frontpage extension built into the MS Office that allows Word or Excel to save changes back to the server, if the server provides the functionality. The 404 just means MS Office is trying those functionalities.

EliteWeb

2:14 pm on Jun 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do me a favor, back up your whole website right now :) So many people I know don't back up, then when their web server goes down because of hardware failure or a hack they are left with nothing.

hanuman

4:56 am on Jun 11, 2002 (gmt 0)

10+ Year Member



Thanks for the suggestions. Our site is backed up every 24hr. I thought that showing you guys some of the error log lines would help you to help me better to avoid these errors altogether or at least understand their meanings. I have changed the server path to the root directory to /path/. Our site does not use active server pages nor use Microsoft FrontPage extensions....

help please
hanuman

[Mon Jun 10 17:13:14 2002] [error] [client 66.82.9.25] File does not exist: /path/favicon.ico
[Mon Jun 10 17:16:33 2002] [error] [client 139.182.132.159] File does not exist: /path/favicon.ico
[Mon Jun 10 09:39:31 2002] [error] [client 140.219.17.129] File does not exist: /path/favicon.ico
[Mon Jun 10 09:39:53 2002] [error] [client 140.219.17.129] File does not exist: /path/favicon.ico
[Mon Jun 10 16:49:56 2002] [error] [client 64.172.228.39] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:02:11 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:02:14 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:03:36 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:03:41 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:05:59 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:06:00 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:07:06 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:07:08 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:07:22 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:07:24 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:16:43 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:16:48 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:21:55 2002] [error] [client 203.177.7.38] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:22:01 2002] [error] [client 203.177.7.38] File does not exist: /path/MSOffice/cltreq.asp

hanuman

5:01 am on Jun 11, 2002 (gmt 0)

10+ Year Member



PS. Just thought of running a Google search on "cltreq.asp" and other files that our server was getting requests for. The search results were pointing to other sites' webstats with the same error 404 . . . :o

JayC

5:15 am on Jun 11, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Those log entries (the ones from 203.177.7.38) are a Nimda variant or some similar worm hitting your server... unsuccessfully.

[dshield.org...]

hanuman

5:40 am on Jun 11, 2002 (gmt 0)

10+ Year Member



Thanks. This was very helpful!

Jack_Straw

6:39 am on Jun 11, 2002 (gmt 0)

10+ Year Member



The requests for owssvr.dll and cltreq.asp are not a security attack. They, like the favicon requests, are harmless. These requests have been discussed in this forum before (see: [webmasterworld.com...] ). They are requested by IE users who have a discussion forum object installed. The requests are checking to see if your site has a forum.

Frank_Rizzo

10:26 am on Jun 17, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Getting rid of the favicon 404s is easy - just create your own favicon.gif and upload it to the directory generating it.

When someone adds your site to your favourite list the site is checked for the favicon.gif and downloaded to the person's browser. If you ain't got one, you get a 404 error.

incywincy

11:13 am on Jun 17, 2002 (gmt 0)

10+ Year Member



If hackers exploit formmail, couldn't this file be replaced with something nasty that would deter them?

PsychoTekk

11:57 am on Jun 17, 2002 (gmt 0)

10+ Year Member



Since it's mostly bots searching for such scripts, they have a determined way of searching and checking. Those bots are not vulnerable to exploits like browsers can be. The only thing I can think of is to look at their IP and time of access and then complain to their ISP; they should be able to find the appendant phone number for the IP used at that point in time in their logs...

It's rather complicated, so I don't think it makes sense to do this if it's not something big.

natxet

10:16 am on Aug 16, 2002 (gmt 0)



Another 404 error that my stats show is a file called

/robots.txt

This is a TXT file for controlling the robots' access into your website. It seems to be an accepted standard. You can find more information at:

[robotstxt.org...]

By the way, if you have a lot of /favicon.ico 404 errors... Congratulations: a lot of people are saving your page in their "favorites" or bookmarks.

Maybe this is a good way to know how many people save your web: just look at the GETs for /favicon.ico.

Bye

gsx

1:35 pm on Aug 16, 2002 (gmt 0)

10+ Year Member



1 - Formmail can easily be renamed :)
2 - Formmail can easily be modified to take different parameter names :)
3 - Formmail can be modified to ensure that all mail that is going to a domain other than your own, will also send a copy to yourself :)

ergophobe

11:04 pm on Aug 16, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Our own rich_lowe is probably too modest to post this, but when I got sick of seeing Nimda stuff in my logs, I found this article of his which was very clear and very helpful.

Redirect Worms Away [addme.com] by Richard Lowe, Jr.

I believe the thread mentioned above was pre-article discussion with the group (but don't quote me on that!)

Tom
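
Added example, not posted by any participant in this thread: a small Python triage of Apache error_log "File does not exist" lines that sorts the 404s into the groups discussed above (favicon, Office discussion probes, formmail scans, robots.txt) and lists the clients whose misses fall outside the groups the posters called harmless. The category names, the `needs_review` helper and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the error_log format posted in the thread
# (client addresses are documentation ranges, not real hosts).
SAMPLE_LOG = """\
[Mon Jun 10 17:13:14 2002] [error] [client 192.0.2.10] File does not exist: /path/favicon.ico
[Mon Jun 10 17:16:33 2002] [error] [client 192.0.2.10] File does not exist: /path/favicon.ico
[Mon Jun 10 23:02:11 2002] [error] [client 198.51.100.7] File does not exist: /path/_vti_bin/owssvr.dll
[Mon Jun 10 23:02:14 2002] [error] [client 198.51.100.7] File does not exist: /path/MSOffice/cltreq.asp
[Mon Jun 10 23:10:02 2002] [error] [client 203.0.113.5] File does not exist: /path/cgi-bin/formmail.pl
[Mon Jun 10 23:12:40 2002] [error] [client 203.0.113.9] File does not exist: /path/robots.txt
[Mon Jun 10 23:12:41 2002] [error] [client 203.0.113.9] File does not exist: /path/old-page.html
[Mon Jun 10 23:30:00 2002] [notice] caught SIGTERM, shutting down
"""

LINE_RE = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>.+)$")

# Categories follow the explanations given by the posters in this thread.
RULES = [
    ("favicon", re.compile(r"/favicon\.ico$", re.I)),
    ("office-discussion", re.compile(r"/(_vti_bin/owssvr\.dll|MSOffice/cltreq\.asp)$", re.I)),
    ("formmail-scan", re.compile(r"/formmail\.(pl|cgi)$", re.I)),
    ("robots", re.compile(r"/robots\.txt$", re.I)),
]

def classify(path):
    """Name of the first matching category, or "other" for an ordinary missing file."""
    return next((name for name, rx in RULES if rx.search(path)), "other")

def triage(log_text):
    """Return (totals per category, per-client category counts, unparsed lines)."""
    totals, by_client, skipped = Counter(), defaultdict(Counter), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += bool(line.strip())  # count non-empty lines we could not parse
            continue
        cat = classify(m["path"])
        totals[cat] += 1
        by_client[m["ip"]][cat] += 1
    return totals, by_client, skipped

def needs_review(by_client, noisy=("favicon", "office-discussion", "robots")):
    """Clients with at least one 404 outside the categories treated as background noise."""
    return sorted(ip for ip, cats in by_client.items() if set(cats) - set(noisy))

if __name__ == "__main__":
    totals, by_client, skipped = triage(SAMPLE_LOG)
    print(dict(totals), "unparsed:", skipped)
    print("review:", needs_review(by_client))
```
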