Forum Moderators: open
/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0
So how could FP extensions be showing up like that.
Ask you server admin to do a trace on it.
GET /vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0
GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6403&STRMVER=4&CAPREQ=0
.. followed by the usual user agents, Mozilla (compatible; yadda..quack 4.01 ..
Sometimes this is followed by requests for form-mail stuff, all sent from
the same server. I have no form-mail at all.
I took a random .gif image and renamed it owssvr.dll,
(over the protestations of my operating system) and
uploaded that into my /vti-bin/ folder at the host.
That's so whoever it is doesn't go away completely empty handed.
I was going to take a .jpg image and rename it
cltreq.asp but I don't have an /MSOffice folder on my site.
Any suggestions? How about a table of random numbers?
- Larry
With the sole exception of my perverted owssvr.dll file,
all the bogus requests return a 404 error.
Except for some tiny bandwidth, no harm done I suppose.
I would really like to know who does this and why in any case.
Somebody suggested email spammers once. and I'm hoping it isn't something even worse.
-LH
>>I'm hoping it isn't something even worse.
What I'm now figuring this is, seeing it's an ISP and looking again seeing that it's one section of the site, is that it was the pages being grabbed. Yahoo must have just updated, the site moved up from #3 to #1 for that keyword. So whoever it is must have decided they like it because apparently they went through that whole particular subdirectory on the site.
I'll have to keep tabs now, and I'm no techie but remembering the months of aggravation last year, if it's the same party, rather than disallow the whole IP again, it might be time to get a little creative.
