Re: Hackers trying to break into IIS
From: Jerry III (jerryiii_at_hotmail.com)
Date: Sun, 26 Oct 2003 23:00:52 -0800
As for why it shows up in the log - if you set IE (and other browsers) to
check their cached versions of files automatically they will send either a
HEAD request to get the modified date (and so on, there's more but that
would be too much detail for you) or send a regular GET request with
If-Unmodified-Since header or one of the other conditional headers (which
will get 304 response with no body if the file wasn't modified). To make a
long story short - those are not hackers.
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> HEAD is a HTTP method that returns on the HTTP headers, not the entire
> You can see the difference by using telnet.
> telnet>open www.yoursite.com 80
> HEAD /index.htm HTTP/1.1
> HOST: www.yoursite.com
> will return just the headers. Now, do the same, but replace HEAD with GET,
> and you'll see the headers and the HTTP body.
> "Don Schultz" <Don@mail.syntaxcomputers.com> wrote in message
> : I had some hackers break into my web server when I was
> : running NT 4.0. I upgraded to 2000 and put URLScan on the
> : system and it appears to have stopped them but they
> : continue to try and gain access. Most often now they
> : simply give up after entering a command that looks like
> : this in the log file "HEAD /index.htm 200" the 200
> : indicates that they successfully retreived the index.htm,
> : which is just fine with me but what does the HEAD mean
> : and how are they going about trying to get this page
> : because none of the photos on the page are being sent to
> : them?