i wasn't sure where to post this...if it belongs somewhere else (or there's a better forum for it) then please tell me.

i've gotten a variety of odd requests in my apache file and i want to know more about them....some are obviously hack attempts. am i at risk from this stuff?

GET /favicon.ico HTTP/1.1
GET /sponsor HTTP/1.0
GET /sponsorsecure HTTP/1.0
GET /sponsor HTTP/1.1
GET http://www.yahoo.com/ HTTP/1.1
GET /participantsecure_net/enrollment HTTP/1.1
GET /robots.txt HTTP/1.1
GET /s[pmspr HTTP/1.1
GET /robots.txt HTTP/1.0
POST /vti_bin/vti_aut/fp30reg.dll HTTP/1.1
GET /sponsor/ HTTP/1.1
GET /sponser HTTP/1.1
GET /juancho HTTP/1.1
GET /_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=6254&STR...
GET /MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=6254&STR...
GET /test HTTP/1.1
GET /images/port_panel_folder_blank.gif HTTP/1.1
GET /participantsecure_net/login.aspx HTTP/1.1
GET /participantsecure-net/login.aspx HTTP/1.1
GET /portal/PortalLogin.jsp HTTP/1.1
HEAD / HTTP/1.0
GET /windowManager.jsp?domain=myplan.com HTTP/1.1
GET /ParticipantSecure HTTP/1.1
GET /ParticipantSecure_Net/ HTTP/1.1

    The vti_bin/msoffice cruft is a virus-infected Windows machine that is trying to infect your server. If you're running Linux, you are at no risk.

    favicon.ico and robots.txt are known standard file locations; use Google to find out more.

    The others look perfectly normal. I don't know why anybody would be hitting those URIs if they do not exist on your server, but there's nothing odd about them.

      thanks.

      i figured participantsecure links were surely phishing attempts. thx for info.

        Write a Reply...