New 404 Error Involving Msxml2.XMLHTTP

Forum Moderators: phranque

Message Too Old, No Replies

New 404 Error Involving Msxml2.XMLHTTP

Am I being probed...?

Wighty

12:03 pm on Dec 1, 2006 (gmt 0)

I operate a simple HTML municipal web site for a small south (way south) New Jersey town, and I check the error logs daily to see if anyone is trying to find backdoors into the site. If so I'll block their IPA using .htaccess

Today I found a 404 error involving a request for this file Msxml2.XMLHTTP from a source in Spain (Madrid) - not an expected source. Although I searched Webmaster.com for this file name, I did not find any topics that discussed if it might be related to hackers.

Would someone help me understand if requests for Msxml2.XMLHTTP are legitimate, or a potential threat.

Thank you

jtara

4:34 pm on Dec 1, 2006 (gmt 0)

Sounds like broken Javascript AJAX code. Do you use any AJAX features on your site?

MSxml2.XMLHTTP is the name of a DOM function in Microsoft browsers. It's the name of the Javascript object needed to make AJAX requests.

Why anybody would use this as a URL, though, I dunno.

I suppose this could be an exploit for some popular server-side software that just happens to use this as the URL for some request. Normally, though, one would use a URL that is descriptive of the data being requested.

I wouldn't worry about it, in any case. Since you are 404ing it, it obviously isn't doing any harm. If it's an exploit, it's not effective, because you don't have the software that it is targerting. The exploits you have to worry about are the ones you DON'T 404. ;)