IIS Logs - WebDAV - Local Client - Virus?

Discussion in 'Security and Privacy' started by pcadvisoruk, 2004/07/02.

Thread Status:
Not open for further replies.
  1. 2004/07/02
    pcadvisoruk Inactive Thread Starter

    Hi All,

    Hope someone can shed some light on this cause it's got me. Basically my IIS logs are filled with this:-

    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2004-06-30 23:06:48
    #Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent)
    2004-06-30 23:06:48 192.168.1.3 - W3SVC1 IIS SERVER NAME 192.168.1.2 80 OPTIONS / - 200 0 383 147 20 HTTP/1.1 IIS Server Name Microsoft-WebDAV-MiniRedir/5.1.2600
    2004-06-30 23:06:48 192.168.1.3 - W3SVC1 IIS SERVER NAME 192.168.1.2 80 PROPFIND /c$ - 404 0 4205 162 20 HTTP/1.1 IIS Server Name Microsoft-WebDAV-MiniRedir/5.1.2600
    2004-06-30 23:28:06 192.168.1.3 - W3SVC1 IIS SERVER NAME 192.168.1.2 80 OPTIONS / - 200 0 383 163 371 HTTP/1.1 IIS Server Name.pcadvisoruk.net Microsoft-WebDAV-MiniRedir/5.1.2600 (there were more)

    What I am wondering is what is happening: are my internal machines trying to attack my web server? And if not, why are they trying these requests every few hours or even mins?

    I have read somewhere this is something to do with web publishing, but I don't publish to my server in this or any other way other than just copying the files to the webfolder.

    I have scanned my machine for viruses and spyware but can't find anything.

    As you can see this is happening every few mins and is causing a bit of traffic, I know the network can handle it but it's a bit of a pain when I'm checking my logs and I can't find out why this is happening.

    By the way, no end user is trying to access these areas either; it seems to me to be automated by something.

    Anyone any ideas?

    One last question: are there any programs out there that will allow a dump of all processes and files, i.e. DLLs, in use? I have found one or two (PrcView is a good one) but I can't seem to be able to dump all this information into one file.

    Someone must have come up with such a program?
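
One way to triage a log like the one quoted in this post, as an added example that is not part of the original thread: it reads the `#Fields` header, keeps requests whose user agent starts with `Microsoft-WebDAV-MiniRedir`, and reports per client IP which method/path/status combinations occur and how far apart the bursts are. The sample log is constructed in the thread's field layout, `WEBSRV`/`websrv` are placeholder host names, and `summarize_webdav` is a hypothetical helper name.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample (not real traffic); the last line keeps a server name with spaces to show the skip path.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username s-sitename s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent)
2004-06-30 23:06:48 192.168.1.3 - W3SVC1 WEBSRV 192.168.1.2 80 OPTIONS / - 200 0 383 147 20 HTTP/1.1 websrv Microsoft-WebDAV-MiniRedir/5.1.2600
2004-06-30 23:06:48 192.168.1.3 - W3SVC1 WEBSRV 192.168.1.2 80 PROPFIND /c$ - 404 0 4205 162 20 HTTP/1.1 websrv Microsoft-WebDAV-MiniRedir/5.1.2600
2004-06-30 23:10:02 192.168.1.7 - W3SVC1 WEBSRV 192.168.1.2 80 GET /index.htm - 200 0 5120 210 15 HTTP/1.1 websrv Mozilla/4.0+(compatible;+MSIE+6.0)
2004-06-30 23:28:06 192.168.1.3 - W3SVC1 WEBSRV 192.168.1.2 80 OPTIONS / - 200 0 383 163 371 HTTP/1.1 websrv Microsoft-WebDAV-MiniRedir/5.1.2600
2004-06-30 23:28:06 192.168.1.3 - W3SVC1 IIS SERVER NAME 192.168.1.2 80 PROPFIND /c$ - 404 0 4205 162 20 HTTP/1.1 websrv Microsoft-WebDAV-MiniRedir/5.1.2600
"""

def summarize_webdav(log_text, agent_prefix="Microsoft-WebDAV-MiniRedir"):
    """Group requests sent with the given user agent by client IP; return (report, skipped_lines)."""
    fields, skipped = [], 0
    clients = defaultdict(lambda: {"requests": defaultdict(int), "times": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]           # the layout can be redeclared mid-file
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):          # e.g. an edited value containing spaces
            skipped += 1
            continue
        row = dict(zip(fields, values))
        if not row["cs(User-Agent)"].startswith(agent_prefix):
            continue
        entry = clients[row["c-ip"]]
        key = (row["cs-method"], row["cs-uri-stem"], row["sc-status"])
        entry["requests"][key] += 1
        entry["times"].append(datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S"))
    report = {}
    for ip, entry in clients.items():
        bursts = sorted(set(entry["times"]))    # requests in the same second count as one burst
        gaps = [int((b - a).total_seconds()) for a, b in zip(bursts, bursts[1:])]
        report[ip] = {"requests": dict(entry["requests"]), "gaps_seconds": gaps}
    return report, skipped

if __name__ == "__main__":
    report, skipped = summarize_webdav(SAMPLE_LOG)
    for ip, info in report.items():
        print(ip, info["requests"], "gaps (s):", info["gaps_seconds"], "skipped lines:", skipped)
```

A non-zero skipped count means some lines did not match the declared `#Fields` layout and were left out of the summary.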
     
  2. 2004/07/02
    Newt Inactive

    Hi pcadvisoruk. No clue on the IIS issue I'm afraid.

    For the other, take a look at the various utilities on www.sysinternals.com.
     
    Newt,
    #2
