do these odd "Not Found" page-names indicate exploits?

is there any (legitimate) reason to be looking for these files?

         

stapel

8:22 pm on Jan 2, 2005 (gmt 0)




Last month, I found the following page-names in my "Not Found" listing.

/_vti_bin/owssvr.dll
/MSOffice/cltreq.asp

(I understand the two above-listed file-calls to be harmless. I'm ignoring them.)

/filecabinet/radial.wav

/home.php
/main.php
/admin.php
/template.php
/index.php/main.php

/modules/mod_mainmenu.php
/modules/agendax/addevent.inc.php
/modules/My_eGallery/public/displayCategory.php
//portal/modules/My_eGallery/public/displayCategory.php
/modules/xgallery/upgrade_album.php
/modules/4nAlbum/public/displayCategory.php
/modules/coppermine/themes/default/theme.php
/gallery/init.php
/gallery/captionator.php

/modules/index.rss
/modules/index.xml
/modules/rss.php
/modules/rss.xml
/modules/b2rss.xml
/modules/rss.cfm
/modules/geoform_Files/Bindings.xml
/modules/a.src
/modules/b.src
/w3c/p3p.xml

/admin/auth.php
/admin/templates/header.php
/doc/admin/index.php
/checklogin.php

/cutenews/comments.php
/cutenews/search.php
/cutenews/shownews.php
/ashnews.php

/bluebox_library.gif
/bluebox_cor_tl.gif
/bluebox_cor_tr.gif
/bluebox_library_but.gif
/bluebox_cor_bl.gif
/bluebox_cor_br.gif
/bluebox_april2004.gif
/bluebox_oct2003.gif
/bluebox_competition.gif

/includes/header.php
/includes/include_once.php
/include/help.php
/include/new-visitor.inc.php
/includes/include_onde.php

/htmltonuke.php
/nuke/index.php
/eblog/blog.inc.php
/forum/mainfile.php
/shoutbox/expanded.php
/cgi-bin/board/ikonboard.cgi
/ideabox/include.php

/pm/lib.inc.php
/pivot/modules/module_db.php
/eventcal2.php
/b2-tools/gm-2-b2.php
/advs/img/pointer_arrow.gif
/phpshop/index.php
/library/lib.php
/GradeMap/index.php
/defines.php
/db.php
/library/editor/editor.php
/_functions.php
/myPHPCalendar/admin.php
/cpcommerce/_functions.php
/e107/e107_handlers/secure_img_render.php
/eventscroller.php

(Note: My site has no advertisements, no music files, no forums or guestbooks, no picture or thumbnail galleries, no visitor-upload capability, and no news or blog feeds. I do not use FrontPage. I do have a folder named "modules", but my pages are htm's, not php's, html's, xml's, cfm's, or rss's.)

I know that attempts to access "formmail.pl" indicate that somebody is trying to hack an old e-mail form-handler script. I would appreciate any information and/or advice people might have for the above-listed file calls.

Thank you.

Eliz.

whoisgregg

7:48 am on Jan 8, 2005 (gmt 0)




Is there ever a legitimate reason for someone else to be looking for files that don't exist on your server? I can't think of any...

keyplyr

9:26 am on Jan 8, 2005 (gmt 0)




/advs/img/pointer_arrow.gif: This 404 shows up sometimes if you have AdSense - don't know why. If you don't display AdSense feeds, then possibly your page is framed on some other site that does and the browser gets confused.

In fact, that's how I usually explain the other 404s. Poor coding (base href, etc) confuses the browser to look for files from the referring page, on your page. The php files could possibly be similar mistakes from forums that post your link. Check out the referring sites and look for these directories/files.

Of course this is all speculation :)

Johnathon222

6:44 pm on Jan 15, 2005 (gmt 0)




Well, this is an older thread, and the original poster probably already has the answers he/she needs, but I would like to give my 2c:

To underline what a previous poster said, these are not legitimate requests. If these are all in close succession (like less than 1 second apart) then it is part of a vulnerability scan done through a dedicated app or script (usually via a proxy or chain of anon proxies) to probe a site for exploitable URLs. This is a drop in the ocean; such scans can be over 1MB in size.

/_vti_bin/owssvr.dll
/MSOffice/cltreq.asp

These 2 together are a classic, but are (as I understand it) meaningless on *nix servers with Apache even if the server has support for MS FrontPage. They were a problem on MS servers. I think that a worm in particular famously tries to access these URLs (without the query string, which is to do with the discussions bar in IE).

The rest of the URLs, as you can tell, look like they belong to various bulletin board, portal and gallery software, and would (if unpatched and fed with some unusual query) probably allow some sort of exploit to occur. The severity of that may range from fairly minor to quite serious.

If they are all getting a 404 or 403 then you have nothing to worry about.

Unfortunately that is the internet now. It may just be a script kiddie practicing his skills.
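
An added example, not written by any poster in this thread: a Python check for the pattern described in the last reply, where one client collects 404/403 responses for many different paths in close succession. The log lines are constructed, the function names and the `max_gap`/`min_paths` thresholds are assumptions, and because access-log timestamps have one-second resolution, "close succession" is taken here as a gap of at most one second.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Apache Combined Log Format (documentation IPs, made-up referrer).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jan/2005:20:22:01 +0000] "GET /modules/My_eGallery/public/displayCategory.php HTTP/1.0" 404 209 "-" "-"
203.0.113.7 - - [02/Jan/2005:20:22:01 +0000] "GET /cutenews/shownews.php HTTP/1.0" 404 209 "-" "-"
203.0.113.7 - - [02/Jan/2005:20:22:02 +0000] "GET /includes/header.php HTTP/1.0" 404 209 "-" "-"
203.0.113.7 - - [02/Jan/2005:20:22:02 +0000] "GET /admin/auth.php HTTP/1.0" 404 209 "-" "-"
198.51.100.23 - - [02/Jan/2005:21:05:11 +0000] "GET /advs/img/pointer_arrow.gif HTTP/1.1" 404 209 "http://framing-site.example/page" "Mozilla/4.0"
192.0.2.44 - - [02/Jan/2005:22:10:00 +0000] "GET /home.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
192.0.2.44 - - [02/Jan/2005:22:40:00 +0000] "GET /main.php HTTP/1.1" 404 209 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (client, timestamp, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), int(m.group(4))

def find_probe_bursts(log_text, max_gap=1.0, min_paths=3, statuses=(403, 404)):
    """Return {client: sorted paths} for clients with a run of >= min_paths
    distinct missing paths, each requested within max_gap seconds of the last."""
    misses = defaultdict(list)
    for client, ts, path, status in parse(log_text):
        if status in statuses:
            misses[client].append((ts, path))
    flagged = {}
    for client, hits in misses.items():
        hits.sort()
        run = best = {hits[0][1]}
        for (prev_ts, _), (ts, path) in zip(hits, hits[1:]):
            # Extend the current run if the gap is small, otherwise start a new one.
            run = run | {path} if (ts - prev_ts).total_seconds() <= max_gap else {path}
            if len(run) > len(best):
                best = run
        if len(best) >= min_paths:
            flagged[client] = sorted(best)
    return flagged

if __name__ == "__main__":
    for client, paths in find_probe_bursts(SAMPLE_LOG).items():
        print(client, "requested", len(paths), "missing paths in one burst:", paths)
```

On the sample, only the client that requested four different missing scripts within two seconds is reported; the single stray 404 with a referrer and the two 404s half an hour apart are not.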