Re: xmlrpc question

From: Bernard Cheah [MVP] (qbernard_at_hotmail.com.discuss)
Date: 11/17/05 

Date: Thu, 17 Nov 2005 14:26:49 +0800

This is the recent xmlrpc worm attack.
You are clean as all response are 404 - page not found. 

-- 
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://www.msmvps.com/bernard/
"FD" <fd@nospam.net> wrote in message 
news:u3w0Qbr6FHA.1420@TK2MSFTNGP09.phx.gbl...
> Hi,
> I read the post and response about xmlrpc hanging.  I do not have that 
> problem but I have seen this message in my IIS 6.0 logs.  Since the IP 
> addresses are getting a 404 error, I think I am ok. Since I am new to IIS, 
> I just want to make sure a virus has not infected our webserver.  Thanks 
> for you help.  Here is a part of the log:
>
> 2005-11-16 10:40:27 x.x.x.xPOST /xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 2
> 2005-11-16 10:40:28 x.x.x.xPOST /blog/xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:29 x.x.x.xPOST /blog/xmlsrv/xmlrpc.php - 80 - 
> 209.206.228.15 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:30 x.x.x.xPOST /blogs/xmlsrv/xmlrpc.php - 80 - 
> 209.206.228.15 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:32 x.x.x.xPOST /drupal/xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:33 x.x.x.xPOST /phpgroupware/xmlrpc.php - 80 - 
> 209.206.228.15 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:34 x.x.x.xPOST /wordpress/xmlrpc.php - 80 - 
> 209.206.228.15 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:35 x.x.x.xPOST /xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 2
> 2005-11-16 10:40:36 x.x.x.xPOST /xmlrpc/xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> 2005-11-16 10:40:37 x.x.x.xPOST /xmlsrv/xmlrpc.php - 80 - 209.206.228.15 
> Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;) 404 0 3
> #Software: Microsoft Internet Information Services 6.0
>
>

Relevant Pages

  • xmlrpc question
    ... I read the post and response about xmlrpc hanging. ... problem but I have seen this message in my IIS 6.0 logs. ... Since I am new to IIS, ...
    (microsoft.public.inetserver.iis.security)
  • Re: xmlrpc question
    ... > This is the recent xmlrpc worm attack. ... >> I read the post and response about xmlrpc hanging. ... >> IIS, I just want to make sure a virus has not infected our webserver. ...
    (microsoft.public.inetserver.iis.security)
  • Re: IIS and HTTP API
    ... > a logical concept onto a streaming concept without parsing. ... I think you are wrong in performance reasons, because IIS 6 and IIS 5 as ... well has to process the response headers in a structured way to can be used ... If IIS processes response headers it will know where the response entity ...
    (microsoft.public.inetserver.iis)
  • Re: IE cannot download .pdf, .doc, .xls from HTTPS site
    ... Thanks for the response and the guidence, I am looking into the firewall ... IIS does not send those headers on its own, ... You are running an application that sends that response header (the ... IIS actually successfully sent the file as download over SSL ...
    (microsoft.public.inetserver.misc)
  • RE: iis and start page
    ... I am not getting anything to work for active server pages any more and I ... "nass" wrote: ... In IIS I have the user set to IUSER_worgroupname. ... Server's response: HTTP/1.1 403 Access Forbidden ...
    (microsoft.public.windowsxp.perform_maintain)