thanks - one of our customers...
jim
----- Original Message -----
From: "Peter Dow" <pcdow@yahoo.com>
To: <web400@midrange.com>
Sent: Monday, December 03, 2001 11:37 PM
Subject: Re: [WEB400] error logs


> Hi Jim,
>
> I just used www.network-tools.com to do a reverse DNS lookup and found
that
> 199.227.45.130 is mail.rooftile.com.  Possibly their mail server was
> infected by something?
>
> Peter Dow
> Dow Software Services, Inc.
> 909 425-0194 voice
> 909 425-0196 fax
>
>
> ----- Original Message -----
> From: "Jim Franz" <franz400@triad.rr.com>
> To: <web400@midrange.com>
> Sent: Monday, December 03, 2001 7:50 PM
> Subject: Re: [WEB400] error logs
>
>
> > Don't have any Front Page in our web pages. All is pure html 4 from
> rpg/cgi.
> > I suspect someone is regularly probing.
> > jim franz
> >
> > ----- Original Message -----
> > From: "Rich Duzenbury" <rduz@westernmidrange.com>
> > To: <web400@midrange.com>
> > Sent: Monday, December 03, 2001 10:46 PM
> > Subject: Re: [WEB400] error logs
> >
> >
> > > The _vti* directories are annoying FrontPage parlance.  Could be that
> the
> > > file exists, and someone is trying to exec it, which should not work
> (e.g.
> > > running win32 console code on AS/400).  Was the initial web created by
> > > FrontPage?
> > >
> > > FP seems to create these _vti* directories underneath every directory
in
> > > your web.  It was one of the (many) reasons we switched to
> > > DreamWeaver.  Another reason was that we couldn't get the FP
extensions
> > > installed and working on a Non-Windows box, although it was supposed
to
> be
> > > supported.
> > >
> > > The problem is that even if you delete those directories (one by one),
> if
> > > the web is re-published, they will all reappear again.
> > >
> > > Or,  someone found a FP hack that they keep trying, similar to the
code
> > red
> > > and Nimda hits you are familiar with.
> > >
> > > Regards,
> > > Rich
> > >
> > > At 09:23 PM 12/3/01, you wrote:
> > > >This is a multi-part message in MIME format.
> > > >--
> > > >[ Picked text/plain from multipart/alternative ]
> > > >In addition to the normal Red Worm or Nimda junk, I see this
> > > >from only this one address. What bothers me is the "input timer
> expired"
> > > >msg, like it actually tried to execute something.
> > > >The wwwaccess log has nothing for this address (thanks!).
> > > >This one address is banging on my system regularly since July. Is it
a
> > web
> > > >crawler?
> > > >
> > > >[28/Nov/2001:10:01:23 +0000]FORBIDDEN BY
> > > >RULE   199.227.45.130              /bnc
> > > >[28/Nov/2001:10:01:24 +0000]FORBIDDEN BY
> > > >RULE   199.227.45.130              /_vti_inf.html
> > > >[28/Nov/2001:10:01:25 +0000]FORBIDDEN BY
> > > >RULE   199.227.45.130              /_vti_bin/shtml.exe/_vti_rpc
> > > >[28/Nov/2001:10:05:55 +0000]Input timer expired 199.227.45.130
> > >
> > > _______________________________________________
> > > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > > To post a message email: WEB400@midrange.com
> > > To subscribe, unsubscribe, or change list options,
> > > visit: http://lists.midrange.com/cgi-bin/listinfo/web400
> > > or email: WEB400-request@midrange.com
> > > Before posting, please take a moment to review the archives
> > > at http://archive.midrange.com/web400.
> > >
> > >
> >
> >
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/cgi-bin/listinfo/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/web400
> or email: WEB400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.