i work on the iis team, not fp, but i'll take a stab. the shtml.exe file is used by the frontpage editor when it wants to upload work from the editor to the server. this communication is performed using http. the same fp server extensions (as they are called) are used by visual interdev. the extensions are not specific to microsoft servers, they are available on various flavors of unix too. what's possibly happening is someone is using fp or vid to work on your server. if the fp extensions are not there then fp/vid will not be able to upload stuff to your server, but you will probably see a log entry like that listed below from a tool trying to test if the extensions are loaded on the server. the link updating theory is interesting, but i don't think that fp tries to call any executable to verify off-server links. but i'd need to check with the fp guys... let me know if you want me to persue it... cheers, mh mikehowat_private program manager iis security -----Original Message----- From: Lloyd Vancil [mailto:levat_private] Sent: Thursday, April 23, 1998 8:36 AM To: BUGTRAQat_private Subject: More Microsoft debri Looking at my Netscape error log on my web servers recently I have found several entries that look like this: [08/Apr/1998:08:07:07] config: for host *blah* trying to POST /_vti_bin/shtml.exe/_vti_rpc, handle-processed reports: no way to service request for /_vti_bin/shtml.exe/_vti_rpc Host name removed to protect the -apparently- innocent The file being posted here is the M$ control file for servers managed by "FrontPage." In the beginning I thought these were all attempts to "take over" my server by placing a hacked version of the software in my server. Since we don't run NT or 95, for obvious reasons, I was somewhat surprised by the frequency of such brain dead attacks and even more surprised that it might work. Recently I have learned that the M$ software itself attempts to POST to this file if you attempt to "verify off site links" on a server managed by this software. IN-other-words, every time you attempt to verify links to other servers on your M$ managed http server, that server will ASSUME that every one is a M$ managed server and add yet another error entry to their error file. I have notified M$ -as expected No response- lev@ _/_/_/_/ _/_/_/_/ _/_/_/_/ _/ _/_/_/ searchmaster@ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/_/_/ .com _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:01 PDT