> Here's how I handle the infected IIS server traffic that would normally > cause a 404 to be logged: > [snip]
Thanks for the reply. I installed URLScan on the server and set UseAllowExtensions=1 (which tells URLScan to deny all requests which aren't for a specific file extension) and then listed file extensions in use on the site (.cfm, .asp, .css, .jpg, .gif, etc). That prevents the requests from Nimda, Code Red, whatever-it is infected boxes from even reaching IIS (which is great from both a security and "clean-log" point of view). Trouble is, there's still these pesky lines in the logs which don't appear to be for *anything*. It's not a huge problem, but I'd like to get analog to help show me where there are problems with the site. BTW, do you know if the requests are for the default file in the root folder by any chance? > #Software: Microsoft Internet Information Services 5.0 > #Version: 1.0 > #Date: 2002-07-29 01:01:03 > #Fields: date time c-ip cs-username s-sitename s-computername s-ip > s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status > sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent) > cs(Cookie) cs(Referer) > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - - > 404 2 245 97 0 HTTP/1.0 www - - - > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - - > 404 2 245 97 0 HTTP/1.0 www - - - > 2002-07-29 01:01:04 217.37.111.57 - W3SVC1 ServerName ServerIP 80 - - - > 404 2 245 98 0 HTTP/1.0 www - - - Thanks -- Aidan Whitehall<[EMAIL PROTECTED]> Macromedia ColdFusion Developer Fairbanks Environmental +44 (0)1695 51775 ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ +------------------------------------------------------------------------ | This is the analog-help mailing list. To unsubscribe from this | mailing list, go to | http://lists.isite.net/listgate/analog-help/unsubscribe.html | | List archives are available at | http://www.mail-archive.com/[email protected]/ | http://lists.isite.net/listgate/analog-help/archives/ | http://www.tallylist.com/archives/index.cfm/mlist.7 +------------------------------------------------------------------------
