Noticed two interesting hits in the http://www.tedroche.com web server log today:
2004-01-18 13:05:56 220.127.116.11 - 192.168.1.98 80 GET /_vti_bin/owssvr.dll UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
2004-01-18 13:05:58 18.104.22.168 - 192.168.1.98 80 GET /MSOffice/cltreq.asp UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0|-|0|404_Object_Not_Found 404 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1)
I’d guess that the first is a call to the Outlook Web Service for exchange, and the second a probe to see if there’s an MSOffice or Office Web Parts installation on the machine, each presumably exploiting a Microsoft security problem.
The address of the inquirer is located in the Phillipines. I don’t really know enough to determine if that is a compromised machine, or if that is the location of the malicious attack. You’d presume they’d hide themselves, but this isn’t my specialty. I just ban the IP addresses I see.