Re: Hackers trying to break into IIS

From: Jerry III (
Date: 10/27/03

Date: Sun, 26 Oct 2003 23:00:52 -0800

As for why it shows up in the log - if you set IE (and other browsers) to
check their cached versions of files automatically, they will send either a
HEAD request to get the modified date (and so on, there's more but that
would be too much detail for you) or send a regular GET request with an
If-Unmodified-Since header or one of the other conditional headers (which
will get a 304 response with no body if the file wasn't modified). To make a
long story short - those are not hackers.


"Ken Schaefer" <> wrote in message
> HEAD is an HTTP method that returns only the HTTP headers, not the entire
> You can see the difference by using telnet.
> telnet>open 80
> HEAD /index.htm HTTP/1.1
> [enter]
> [enter]
> will return just the headers. Now, do the same, but replace HEAD with GET,
> and you'll see the headers and the HTTP body.
> Cheers
> Ken
> "Don Schultz" <> wrote in message
> news:031901c39c24$0e456350$a101280a@phx.gbl...
> : I had some hackers break into my web server when I was
> : running NT 4.0. I upgraded to 2000 and put URLScan on the
> : system and it appears to have stopped them but they
> : continue to try and gain access. Most often now they
> : simply give up after entering a command that looks like
> : this in the log file "HEAD /index.htm 200" the 200
> : indicates that they successfully retrieved the index.htm,
> : which is just fine with me but what does the HEAD mean
> : and how are they going about trying to get this page
> : because none of the photos on the page are being sent to
> : them?
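
Added example, not part of the original thread: a small triage script that separates the cache-check traffic described above (HEAD requests and 304 responses) from other requests in an IIS W3C extended log. The log lines, IP addresses and the label names are constructed for illustration, and the script assumes the log's #Fields line includes c-ip, cs-method and sc-status.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not from the original thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-10-26 22:10:01 192.0.2.10 HEAD /index.htm 200
2003-10-26 22:10:05 192.0.2.10 GET /index.htm 304
2003-10-26 22:11:40 192.0.2.77 GET /index.htm 200
2003-10-26 22:11:41 192.0.2.77 GET /photos/a.jpg 200
2003-10-26 22:12:03 198.51.100.5 GET /nosuchpage.htm 404
2003-10-26 22:12:04 198.51.100.5 HEAD /index.htm 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def is_revalidation(entry):
    """HEAD answered 2xx, or any request answered 304: a cache freshness check."""
    status = entry["sc-status"]
    return status == "304" or (entry["cs-method"] == "HEAD" and status.startswith("2"))

def triage(text):
    """Label each client: 'review' if any request got 4xx/5xx, 'cache-check'
    if everything it sent was a revalidation, otherwise 'browsing'."""
    per_ip = defaultdict(list)
    for e in parse_w3c(text):
        per_ip[e["c-ip"]].append(e)
    labels = {}
    for ip, entries in per_ip.items():
        if any(e["sc-status"][0] in "45" for e in entries):
            labels[ip] = "review"
        elif all(is_revalidation(e) for e in entries):
            labels[ip] = "cache-check"
        else:
            labels[ip] = "browsing"
    return labels

if __name__ == "__main__":
    for ip, label in triage(SAMPLE_LOG).items():
        print(ip, label)
```

A "review" label only means the client received error responses worth reading in context; it is not a verdict on intent.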