[6582] in bugtraq
More Microsoft debri
daemon@ATHENA.MIT.EDU (Lloyd Vancil)
Thu Apr 23 14:25:28 1998
Date: Thu, 23 Apr 1998 08:36:02 -0700
Reply-To: Lloyd Vancil <lev@APPLE.COM>
From: Lloyd Vancil <lev@APPLE.COM>
To: BUGTRAQ@NETSPACE.ORG
Looking at my Netscape error log on my web servers recently I have found
several entries that look like this:
[08/Apr/1998:08:07:07] config: for host *blah* trying to POST
/_vti_bin/shtml.exe/_vti_rpc, handle-processed reports: no way to service
request for /_vti_bin/shtml.exe/_vti_rpc
Host name removed to protect the -apparently- innocent
The file being posted here is the M$ control file for servers managed by
"FrontPage."
In the beginning I thought these were all attempts to "take over" my
server
by placing a hacked version of the software in my server. Since we don't
run NT or 95, for obvious reasons, I was somewhat surprised by the
frequency of such brain dead attacks and even more surprised that it
might work.
Recently I have learned that the M$ software itself attempts to POST to
this file if you attempt to "verify off site links" on a server managed
by this software.
IN-other-words, every time you attempt to verify links to other servers
on your M$ managed
http server, that server will ASSUME that every one is a M$ managed
server and add yet another error entry to their error file.
I have notified M$ -as expected No response-
lev@ _/_/_/_/ _/_/_/_/ _/_/_/_/ _/ _/_/_/
searchmaster@ _/ _/ _/ _/ _/ _/ _/ _/
_/ _/ _/_/_/_/ _/_/_/_/ _/ _/_/_/ .com
_/_/_/_/ _/ _/ _/ _/
_/ _/ _/ _/ _/_/_/ _/_/_/
