Server logs. - Javascript

William

Hello,

I've just get the following in my server logs and I think it is pretty
uncommon. Can anybody tell me if somebody is REALLY putting something on my
site or, what does "options", "post" and "head" mean? Can javascript be used
to avoid outsiders to do it?

IP address [date & time] "OPTIONS / HTTP/1.1"
IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
IP address [date & time] HEAD / HTTP/1.1

Usual server logs are only like this (note the GET command):
IP address [date & time] "GET /index.html HTTP/1.1"

Thanks in advance.

W.

Jul 20 '05 #1

Subscribe Reply

2066

Grant Wagner

William wrote:

Hello,

I've just get the following in my server logs and I think it is pretty
uncommon. Can anybody tell me if somebody is REALLY putting something on my
site or, what does "options", "post" and "head" mean? Can javascript be used
to avoid outsiders to do it?

IP address [date & time] "OPTIONS / HTTP/1.1"
IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
IP address [date & time] HEAD / HTTP/1.1

Usual server logs are only like this (note the GET command):
IP address [date & time] "GET /index.html HTTP/1.1"

Thanks in advance.

W.

While none of this has anything to do with JavaScript, it's an interesting
question, so I figured I'll take a whack at it.

HTTP standards provides a number of "methods" which can be invoked on the
server. GET and POST are by far the most common, but you can also PUT and HEAD
the server, as well as a number of other, seldom used, methods that provide
other information or functionality to an HTTP client (which may or may not be a
browser).

A list of methods from 1992 (HTTP 1.0?) is available at <url:
http://www.w3.org/Protocols/HTTP/Methods.html />. A list of common HTTP 1.1
methods is available at <url:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html />

So while OPTIONS and that particular POST look like they might be caused by Code
Red or some other IIS exploit, the methods OPTIONS and POST by themselves mean
nothing, since they are perfectly valid requests to make of a web server. A
properly configured a web server should probably ignore OPTIONS, DELETE, PUT and
TRACE (unless you're using WebDAV, in which case I believe you need PUT and
DELETE).

I think apache, for example, comes with only GET, HEAD and POST enabled.

--
| Grant Wagner <gw*****@agrico reunited.com>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/...ce/frames.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/a...ence_entry.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 7 / Mozilla
* http://www.mozilla.org/docs/web-deve...upgrade_2.html

Jul 20 '05 #2

William

Thanks a lot Grant.

While none of this has anything to do with JavaScript, it's an interesting
question, so I figured I'll take a whack at it.

HTTP standards provides a number of "methods" which can be invoked on the
server. GET and POST are by far the most common, but you can also PUT and HEAD
the server, as well as a number of other, seldom used, methods that provide
other information or functionality to an HTTP client (which may or may not be
a
browser).

A list of methods from 1992 (HTTP 1.0?) is available at <url:
http://www.w3.org/Protocols/HTTP/Methods.html />. A list of common HTTP 1.1
methods is available at <url:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html />

So while OPTIONS and that particular POST look like they might be caused by
Code
Red or some other IIS exploit, the methods OPTIONS and POST by themselves mean
nothing, since they are perfectly valid requests to make of a web server. A
properly configured a web server should probably ignore OPTIONS, DELETE, PUT
and
TRACE (unless you're using WebDAV, in which case I believe you need PUT and
DELETE).

I think apache, for example, comes with only GET, HEAD and POST enabled.

--
| Grant Wagner <gw*****@agrico reunited.com>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/...reference/fram
es.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/a...reference_entr
y.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 7 / Mozilla
* http://www.mozilla.org/docs/web-deve...upgrade_2.html

Jul 20 '05 #3

Similar topics

2791

[Errno 9] Bad File Descriptor on Windows 2003 Server & Py 2.4.1

by: rbt | last post by:

The below script produces a ' Bad File Descriptor' when executed. If I remove the try: except: statements, the script stops when the error occurs. The purpose of the script is to monitor the size of the three main logs on a Windows 2003 server and send and email should any of the logs get shorter. It works fine... just don't know *why* it produces the ' Bad File Descriptor' error. I'm running Python 2.4.1 on Windows 2003 SP1 Server...

Python

2219

sql server transaction logs

by: Andrew S. | last post by:

I recently performed an SQL server 2000 installation. Other than placing the program files on C: and data on D:, I saw no option to install transaction logs in an alternate location. What is the best practice with SQL server 2000 for location of transaction logs? I remember that Microsoft used to take the position that transaction logs should be placed on their own FAT partition.

Microsoft SQL Server

1363

SQL Server 7 Backup Problems

by: Ali Syed | last post by:

I am having problems trying to get SQL server Agent to run an unattended backup of my databases. I setup (or think I did) a schedule in maintenance but it doesn't work. Is there a website or link where I can get step by step instructions for setup of a backup using sql server agent or anything regarding unattended backups in sql server 7?

Microsoft SQL Server

1765

SQL Server 2000 Backup + Restore question

by: Eric J. Holtman | last post by:

Of course I'll try this before I go live, but I figured I'd ask here first. I've read the docs, and the answer is unclear. My current backup strategy is: Take a full database backup occasionally (like, every two weeks). Back up logs every five minutes. This works, but restoring the database all the way through can take a while, as I've sometimes spun through 800+ log restores.

Microsoft SQL Server

2415

Log Shipping from Primary Server to Backup and vise versa.

by: shenanwei | last post by:

I have a primary server and backup server located in different physical sites. The primary server is live and ship logs to backup site every 5 minutes. The primary server is being full online backed up every sunday locally. Those logs are being applied to backup server every five minutes. For example, Primary site has power outage on tuesday, the last log was shipped was S0001000.LOG. Backup server was brought to live, the first active...

DB2 Database

647

Server Application Unavailable

by: Steve Buster | last post by:

All right, I have read every forum, newsgroup etc about this issue and no one seems to know how to fix it. I am getting a "Server Application Unavailable" exception running my .NET 1.1 application. I use W2K SP4 and have applied the hot Fix KB824146 and KB824105, both IE fixes. I don't have VS installed because this is a Quality Environment. I do have .NET SDK and .NET 1.1 Runtime installed. I can't change my APSNET user to run as...

ASP.NET

1056

Terminal Server Question

by: Microsoft News | last post by:

Anyone knows how to find out how many instances of Terminal Server is running? If I have a Terminal server that has 5 licenses and 4 user's logon I want to know how to find out that 4 users are logged on. I'd like to do this all through code. Right now I am using VB.Net and trying to keep track of how many instances of my application is running. However, that does not work if the users logon with different usernames. Example: John...

Visual Basic .NET

1808

Client- Server Programming using VB.NEt & SQL SERVER

by: NRakhesh | last post by:

I have to submit a project as a part of my final year project. I consulted various domains and finally decided to implement a work on delevoping a system for transcription work based company. The overall flow is somewhat like this the client either and indiviudal or a department is given access rights to a Toffice (transcription office) and adds files to his table and connects it through a web server (IIS) by generating XML files and...

Visual Basic .NET

1429

archive logs regularly for restore on 2. server

by: mahr | last post by:

Hello, is there a way (Win 2003, DB2 UDB 8.1 Fixpack9), that the logs are archived regularly? Our server writes logs (-> archive logs) only 1-3 times per day. I would like to have them more frequently, because I move them (with OS tools) to another server for the case of desaster( server destroyed completly). Is the only way to schedule a job with the 'archive log'-command? How do other DBAs handle this requirement of recoverability?...

DB2 Database

8392

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8305

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

8730

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

8605

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...

General

7321

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6163

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

5632

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

4151

Trying to create a lan-to-lan vpn between two differents networks

by: TSSRALBI | last post by:

Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...

Networking - Hardware / Configuration

2726

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp