PDA

View Full Version : Anyone know what this script is about?



kjohnson5576
12-11-2003, 10:01 AM
I've been getting some strange items in my error log files. Some have been attempts at executable code, but a frequent on is

File does not exist: /home/discount/public_html/MSOffice/cltreq.asp

What is the MSOffice/cltreq.asp ?

Also, I've gotten this one:

File does not exist: /home/discount/public_html/_vti_bin/owssvr.dll

Is this hacking stuff?

Kent

paulhiles
12-11-2003, 10:23 AM
Hi Kent,

On the surface, I agree it appears as though someone is trying to interrogate your server OR exploit a security loophole.
However I had a look around for other such reports, and came across this page (http://www.xav.com/scripts/guardian/help/1022.html) at Fluid Dynamics Software. They seem to present a plausible explanation.. i.e. that it is most likely to be another Microsoft Office user who is browsing with their 'Discuss' toolbar enabled.. and it is this that is requesting the two files from your server.

Hope that helps

Paul

kjohnson5576
12-11-2003, 10:39 AM
Thank Paul. This eases my fears. I've seen quite a bit of this recently. I changed my password and even reported this to some ISP's (oops). My tech support department just told me to change passwords, which didn't help.

Kent

USALUG
12-11-2003, 04:11 PM
Actually, this could be an attempt to hack the site to which the request is made, presuming that the site was built with Front Page, which places those files on the server to enable the builder to administer the site. Thus, anyone calling the files could presumably gain administrative rights and do whatever they want to the site.

Gotta love Front Page :)


But....... it's PROBABLY just the old Nimda Virus, still looking for web servers to attack.
It's searches for _vti_bin/owssvr.dll and /Msoffice/ cltreq.asp in particular

:)