More Microsoft debri

levAPPLE.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Seth McGann: "Buffer overflows in Solaris 2.6 ufsdump and ufsrestore"
• Previous message: Erik Troan: "SECURITY: lpr-0.31 now available"
• Next in thread: Michael Howard: "Re: More Microsoft debri"

Looking at my Netscape error log on my web servers recently I have found
several entries that look like this:

[08/Apr/1998:08:07:07] config: for host *blah* trying to POST
/_vti_bin/shtml.exe/_vti_rpc, handle-processed reports: no way to service
request for /_vti_bin/shtml.exe/_vti_rpc

Host name removed to protect the -apparently- innocent


The file being posted here is the M$ control file  for servers managed by
"FrontPage."

In the beginning I thought these were all attempts to "take over" my
server
by placing a hacked version of the software in my server.  Since we don't
run NT or 95, for obvious reasons, I was somewhat surprised by the
frequency of such brain dead attacks and even more surprised that it
might work.

Recently I have learned that the M$ software itself attempts to POST to
this file if you attempt to "verify off site links" on a server managed
by this software.

IN-other-words, every time you attempt to verify links to other servers
on your M$ managed
http server, that server will ASSUME that every one is a M$ managed
server and add yet another error entry to their error file.


I have notified M$   -as expected No response-



         lev    _/_/_/_/  _/_/_/_/  _/_/_/_/  _/      _/_/_/
searchmaster   _/    _/  _/    _/  _/    _/  _/      _/
               _/    _/  _/_/_/_/  _/_/_/_/  _/      _/_/_/    .com
              _/_/_/_/  _/        _/        _/      _/
             _/    _/  _/        _/        _/_/_/  _/_/_/

• Next message: Seth McGann: "Buffer overflows in Solaris 2.6 ufsdump and ufsrestore"
• Previous message: Erik Troan: "SECURITY: lpr-0.31 now available"
• Next in thread: Michael Howard: "Re: More Microsoft debri"