Re: Hackers trying to break into IIS

From: Jerry III (jerryiii_at_hotmail.com)
Date: 10/27/03


Date: Sun, 26 Oct 2003 23:00:52 -0800

As for why it shows up in the log - if you set IE (and other browsers) to
check their cached versions of files automatically they will send either a
HEAD request to get the modified date (and so on, there's more but that
would be too much detail for you) or send a regular GET request with
If-Unmodified-Since header or one of the other conditional headers (which
will get 304 response with no body if the file wasn't modified). To make a
long story short - those are not hackers.

Jerry

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:eHVnIsDnDHA.2456@TK2MSFTNGP09.phx.gbl...
> HEAD is a HTTP method that returns on the HTTP headers, not the entire
body.
>
> You can see the difference by using telnet.
>
> telnet>open www.yoursite.com 80
> HEAD /index.htm HTTP/1.1
> HOST: www.yoursite.com
> [enter]
> [enter]
>
> will return just the headers. Now, do the same, but replace HEAD with GET,
> and you'll see the headers and the HTTP body.
>
> Cheers
> Ken
>
> "Don Schultz" <Don@mail.syntaxcomputers.com> wrote in message
> news:031901c39c24$0e456350$a101280a@phx.gbl...
> : I had some hackers break into my web server when I was
> : running NT 4.0. I upgraded to 2000 and put URLScan on the
> : system and it appears to have stopped them but they
> : continue to try and gain access. Most often now they
> : simply give up after entering a command that looks like
> : this in the log file "HEAD /index.htm 200" the 200
> : indicates that they successfully retreived the index.htm,
> : which is just fine with me but what does the HEAD mean
> : and how are they going about trying to get this page
> : because none of the photos on the page are being sent to
> : them?
>
>



Relevant Pages

  • Re: Hackers trying to break into IIS
    ... HEAD is a HTTP method that returns on the HTTP headers, ... HOST: www.yoursite.com ...
    (microsoft.public.inetserver.iis.security)
  • Re: [SLE] eth0 problem: freeze/standby or broken?
    ... > Success defies gravity - it goes straight to the head. ... > Gravity take over when the head becomes heavy with Success! ... Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com ...
    (SuSE)
  • Re: Server Side filtering (as pertains to Google Groups)
    ... including headers which are not included in ... HEAD Return the headers of an article. ... For the XPAT command, ... run 'head' and apply filters). ...
    (news.software.readers)
  • Re: Newsgroup not deleting headers
    ... >> How do I Reset a newsgroup? ... dfw.forsale to get it to start downloading headers. ... retrieved - head and body follows ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: (Xnews) Memory problems - NOW girls - No fighting!
    ... get your head out - Pleeeez! ... But your headers show that you are. ... virtual newbie. ... Killing all posts from Google Groups ...
    (news.software.readers)