I was concerned when I saw these entries in my apache error log:
[Sun May 13 12:05:09 2001] [error] [client 38.28.207.49] File does not exist:
/www/crazyguyonabike/com/htdocs/_vti_bin/shtml.exe/_vti_rpc
(offline mode: enter name=value pairs on standard input)
What's this offline mode stuff? Is that embperl? The file requested has nothing to do
with my system, so I can understand it not being found.
But the offline message unnerved me.
And here are the apache access log entries from around the same time:
38.28.207.49 - - [13/May/2001:12:05:04 -0400] "OPTIONS /community/boards/post
HTTP/1.1" 301 362
38.28.207.49 - - [13/May/2001:12:05:06 -0400] "GET /_vti_inf.html HTTP/1.1" 301 2625
38.28.207.49 - - [13/May/2001:12:05:09 -0400] "POST /_vti_bin/shtml.exe/_vti_rpc
HTTP/1.1" 301 2625
38.28.207.49 - - [13/May/2001:12:05:11 -0400] "OPTIONS
/community/boards/post/?pics=small&tour_id=27&board_id=120&command=add HTTP/1.1" 200
4713
38.28.207.49 - - [13/May/2001:12:05:12 -0400] "GET
/community/boards/post/?pics=small&tour_id=27&board_id=120&command=add HTTP/1.1" 200
4713
I have to admit, I have never seen an HTTP command named "OPTIONS".
The weird thing is, these entries do seem to correspond to a real message which has
been posted on my message board.
Has anyone else seen this kind of thing?
Any clues on whether I should be worried? Tripwire didn't pick up any intrusion, but I
am still curious,
both about that "offline mode" thing and the OPTIONS command.
TIA
-Neil
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
