Forum Moderators: DixonJones


Strange findings?

         

creative craig

2:42 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



/MSOffice/cltreq.asp
/_vti_bin/owssvr.dll
/cgi-bin/formmail.pl
/cgi-bin/formmail.cgi

I found these four links in my stats pages as 404 errors.

The thing is my site doesn't use a database, doesn't have any formmail scripts installed, doesn't use ASP, and I don't know why it shows a DLL file as well.

Why would someone be searching for this stuff?

Where my site is hosted they were recently changing email servers and had a few DNS problems. Would this affect the web server and my site, or is it someone searching for something?

Craig

Just looking at where I posted this and I know it is going to be moved.. sorry about that :)

DaveN

2:56 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Somebody is trying to hack into the server; these are standard folders which would have executable rights, so this would be the first pass. If any folders have executable rights, then the hack has two options: 1st and most common would be to cause a buffer overflow (this is well documented on NT servers and you need to apply a roll-up patch).

2nd, try to get a backdoor program into the exec area, then take control of the server.

DaveN

creative craig

3:04 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I thought it was some dark sinister goings on as well. When I called the hosting company they told me this was due to DNS problems! The person I spoke to didn't seem to know what I was talking about at first. When I mentioned the formmail script he said it was due to the email server problems.

Lucky I don't have any of these installed and I have complete backups of everything for all my sites with these guys!

Craig

dazz

3:06 pm on Oct 10, 2002 (gmt 0)

10+ Year Member



No, I don't think it's a hack at all!

I've had 33 /msoffice/cltreq.asp page errors and 35 /_vti_bin/owssvr.dll page errors this week alone!

Don't know what they are either, but I've had these errors for months now, usually about 1-2 a day?

andreasfriedrich

3:13 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



dazz,

Why would the fact that you have been getting those errors for months make you think it's not a hack? That's certainly not a stringent conclusion.

There are scripts out there that you run and that automatically and systematically scan IP addresses and check the servers for those files and misconfigurations.

Andreas

dazz

3:21 pm on Oct 10, 2002 (gmt 0)

10+ Year Member



Well, I suppose it possibly could be... but that would mean someone is trying to hack my site every day pretty much since it went online?... which is unlikely.

jdMorgan

3:21 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This is Microsoft's .NET stuff trying to set up a "remote sharing" session with your server. This is used for remote collaboration between multiple document authors. It appears on my site most often when someone is using the wrong program (i.e. not a browser) to view the site. If requests for a session fail, it falls back to plain old display-only mode.

My memory is a bit hazy, but when I first encountered this, I searched the Microsoft Knowledge Base to find the answer.

Probably not a hack, just a right-click error, an incompetent user, or both.

Jim

creative craig

3:25 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



jdMorgan, does this involve trying to access a .pl or a .CGI file for a formmail in a CGI bin?

DaveN

3:30 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Most hosts issue this warning of formmail:

Some of the possible uses of this script are:

1) You want to have a form that will be mailed to you, but aren't sure how to write the CGI script for it.

2) You are the webmaster of your site and want to allow users to use forms, but not to have their own cgi-bin directories, which can cause security risks to your system. You can set this script up and then allow all users to run off of it.

3) Want to have one script to parse all of your html forms and mail them to you.

If you can get control over the /cgi-bin/formmail.cgi you can send thousands of emails via it until your system goes pop.

It's an automated bit of software checking you out
DaveN

DaveN

3:33 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Check this thread:

[webmasterworld.com...]

DaveN

jdMorgan

3:39 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



creative craig,

No... Sorry. I was focused on the cltreq.asp and owssvr.dll question.

formmail.pl fishing is an attempt to see if they can use your server to pass spam.

Need more coffee. :o

Jim

creative craig

3:44 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks Jim,

So does seeing this as a 404 error mean that they were unable to do this?

Of course it does, as I don't have anything like that in any of the directories on my site!
Craig

martinibuster

3:58 pm on Oct 10, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Yup, the formmail scan is indeed an attempt to find an email host for launching spam.

One of my clients (who is listed in Yahoo) is regularly scanned (unsuccessfully).

We are hosted on the same server, both in dmoz, but she is in Y and I'm not. I strongly suspect that these scanners are finding her through her Yahoo listing.

cline

6:36 pm on Oct 12, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I got sick of looking at those 404s, so I set up redirect pages on this stuff, sending them to microsoft.com.
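
The 404 entries discussed in this thread can be triaged straight from the access log. The following is an added example, not part of any post above: it assumes Common Log Format, uses constructed log lines with documentation IP addresses, and the category labels are hypothetical names for the two explanations given in the thread. It also reports any probed path that did not return 404, which is the case that needs attention.

```python
import re
from collections import Counter, defaultdict

# The four paths from the first post; labels are hypothetical names for the
# two explanations given in the thread.
PROBES = {
    "/msoffice/cltreq.asp": "ms-collaboration-request",
    "/_vti_bin/owssvr.dll": "ms-collaboration-request",
    "/cgi-bin/formmail.pl": "formmail-scan",
    "/cgi-bin/formmail.cgi": "formmail-scan",
}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def classify(lines):
    """Return (hits, served): 404 counts per category and client, plus any
    probed path answered with a status other than 404."""
    hits = defaultdict(Counter)
    served = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        host, _method, target, status = m.groups()
        # Drop the query string; lower-case so /MSOffice and /msoffice match.
        path = target.split("?", 1)[0].lower()
        category = PROBES.get(path)
        if category is None:
            continue
        if status == "404":
            hits[category][host] += 1
        else:
            served.append((host, path, status))
    return hits, served

# Constructed sample lines (query string and addresses are made up).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2002:14:01:07 +0000] "GET /MSOffice/cltreq.asp?a=1 HTTP/1.1" 404 278',
    '192.0.2.10 - - [10/Oct/2002:14:01:08 +0000] "GET /_vti_bin/owssvr.dll?a=1 HTTP/1.1" 404 278',
    '198.51.100.7 - - [10/Oct/2002:14:20:31 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 281',
    '198.51.100.7 - - [10/Oct/2002:14:20:32 +0000] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 281',
    '203.0.113.5 - - [10/Oct/2002:14:25:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    hits, served = classify(SAMPLE)
    for category, clients in hits.items():
        print(category, dict(clients))
    print("probed paths that exist on this server:", served)
```

An empty `served` list means every probe for these paths got a 404; any entry in it means something is answering at that path and should be reviewed.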