LOL, hackers — nice try, but no cigar
Monday, September 11th, 2006
A few weeks ago I started seeing accesses to files called /_vti_bin/owssvr.dll and /MSOffice/cltreq.asp in my traffic stats. As far as I know, these files do not exist on my server, and when I try to access them myself, I get a 404 error. (And if they don’t exist, why are they listed with my most often viewed pages and not with the other 404s? I still don’t know.)
So, last night I consulted the Great Oracle Google and was provided with enlightenment. This article on Jim Carson’s blog lists several anomalous server log entries and what they mean.
/_vti_bin/owssvr.dll
– a hacking attempt exploiting unprotected sites built with Front Page. When it appears with the previous message or /MSOffice/cltreq.asp, it’s the Nimda virus at work.
The Nimda virus only affects Windows machines and attempts to use those two files to exploit a vulnerability and gain admin rights to my server. But… ruh roh! NearlyFreeSpeech doesn’t use Windows!
Better luck next time, losers.
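An added example, not part of the original post: a short Python script that tallies requests for the two paths above by HTTP status and client, so the raw access log can confirm that every such request really got a 404. It assumes Apache combined log format (the post does not say which format the host writes); the sample lines and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# The two paths named in the post; compared in lowercase with the query string removed.
PROBE_PATHS = {"/_vti_bin/owssvr.dll", "/msoffice/cltreq.asp"}

# Apache/NCSA combined log format (an assumption, see lead-in).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def summarize_probes(lines):
    """Return {path: {"by_status": Counter, "clients": set}} for probe-path requests."""
    report = defaultdict(lambda: {"by_status": Counter(), "clients": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("target").split("?", 1)[0].lower()
        if path in PROBE_PATHS:
            entry = report[path]
            entry["by_status"][int(m.group("status"))] += 1
            entry["clients"].add(m.group("ip"))
    return dict(report)

def served_probes(report):
    """Probe paths answered with anything other than 404 at least once."""
    return sorted(p for p, e in report.items() if any(s != 404 for s in e["by_status"]))

# Constructed sample lines using documentation IP ranges, not data from the post's server.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Sep/2006:10:01:22 +0000] "GET /_vti_bin/owssvr.dll?a=1 HTTP/1.1" 404 209 "-" "-"',
    '192.0.2.10 - - [04/Sep/2006:10:01:23 +0000] "GET /MSOffice/cltreq.asp?a=1 HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.7 - - [05/Sep/2006:08:15:02 +0000] "GET /_vti_bin/owssvr.dll HTTP/1.0" 404 209 "-" "-"',
    '203.0.113.5 - - [05/Sep/2006:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    report = summarize_probes(SAMPLE_LOG)
    for path, e in sorted(report.items()):
        print(path, dict(e["by_status"]), sorted(e["clients"]))
    print("non-404 responses:", served_probes(report) or "none")
```

An empty result from `served_probes` means none of these requests was ever answered with real content, whatever list the stats package files them under.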
Tags: Geeky, The Interweb







