Re: [WEB400] error logs

[Rich Duzenbury <rduz@xxxxxxxxxxxxxxxxxxx>]

The _vti* directories are annoying FrontPage parlance.  Could be that the
file exists, and someone is trying to exec it, which should not work (e.g.
running win32 console code on AS/400).  Was the initial web created by
FrontPage?

FP seems to create these _vti* directories underneath every directory in
your web.  It was one of the (many) reasons we switched to
DreamWeaver.  Another reason was that we couldn't get the FP extensions
installed and working on a Non-Windows box, although it was supposed to be
supported.

The problem is that even if you delete those directories (one by one), if
the web is re-published, they will all reappear again.

Or,  someone found a FP hack that they keep trying, similar to the code red
and Nimda hits you are familiar with.

Regards,
Rich

At 09:23 PM 12/3/01, you wrote:
>This is a multi-part message in MIME format.
>--
>[ Picked text/plain from multipart/alternative ]
>In addition to the normal Red Worm or Nimda junk, I see this
>from only this one address. What bothers me is the "input timer expired"
>msg, like it actually tried to execute something.
>The wwwaccess log has nothing for this address (thanks!).
>This one address is banging on my system regularly since July. Is it a web
>crawler?
>
>[28/Nov/2001:10:01:23 +0000]FORBIDDEN BY
>RULE   199.227.45.130              /bnc
>[28/Nov/2001:10:01:24 +0000]FORBIDDEN BY
>RULE   199.227.45.130              /_vti_inf.html
>[28/Nov/2001:10:01:25 +0000]FORBIDDEN BY
>RULE   199.227.45.130              /_vti_bin/shtml.exe/_vti_rpc
>[28/Nov/2001:10:05:55 +0000]Input timer expired 199.227.45.130