[KCFusion] OT: browser type
This is off topic but I don't know where else to ask. The ColdFusion server sends me reports of unusual attempts to gain access to our intranet, and I'm trying to interpret a recent report. Everything is decipherable except the browser type: Java1.3.0 Does anyone know what that might be? Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
Re: [KCFusion] OT: browser type
Probably a Java-based vulnerability scanner. If your site is linked a lot, expect /many/ of these sorts of attempts every day. Things like: (a sample of the most popular vulnerability scans from my logs) /_vti_bin/_vti_aut/author.exe /cgi-bin/formmail.pl /msoffice/cltreq.asp /_vti_bin/owssvr.dll /cgi-bin/formmail.cgi /cgi-local/formmail.pl /cgi-local/formmail.cgi /cgibin/formmail.cgi /cgibin/formmail.pl And, of course, all of the usual CodeRed and CRII scans. (Which are blocked by my firewall software and never make it into my logs.) --Daryl - Original Message - From: Keith Purtell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 15, 2002 9:03 AM Subject: RE: [KCFusion] OT: browser type Well, the page request came from an overseas IP address, and they were trying to access a page that might contain information about administrators, so I was suspicious. Thanks for the info. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Hartwich Sent: Monday, April 15, 2002 8:55 AM To: [EMAIL PROTECTED] Subject: RE: [KCFusion] OT: browser type Java 1.3.0 is one of the current standard versions of the java virtual machine. I believe the numbers are the same as what is installed by Netscape 6/6.2 and is or was one of the versions that Jrun and the betas of CF MX uses. You might be seeing another server trying to pull a page versus a browser, or just a funky Unix browser like Mozilla that is highly dependent on Java. Ryan __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED] __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
Re: [KCFusion] OT: browser type
A I was wondering what that /cgi-bin/formmail.pl thing was that kept showing up. What is that exactly and what are they after, and should I be overly worried? A. - Original Message - From: Daryl Banttari [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 15, 2002 10:36 AM Subject: Re: [KCFusion] OT: browser type Probably a Java-based vulnerability scanner. If your site is linked a lot, expect /many/ of these sorts of attempts every day. Things like: (a sample of the most popular vulnerability scans from my logs) /_vti_bin/_vti_aut/author.exe /cgi-bin/formmail.pl /msoffice/cltreq.asp /_vti_bin/owssvr.dll /cgi-bin/formmail.cgi /cgi-local/formmail.pl /cgi-local/formmail.cgi /cgibin/formmail.cgi /cgibin/formmail.pl And, of course, all of the usual CodeRed and CRII scans. (Which are blocked by my firewall software and never make it into my logs.) --Daryl - Original Message - From: Keith Purtell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 15, 2002 9:03 AM Subject: RE: [KCFusion] OT: browser type Well, the page request came from an overseas IP address, and they were trying to access a page that might contain information about administrators, so I was suspicious. Thanks for the info. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Hartwich Sent: Monday, April 15, 2002 8:55 AM To: [EMAIL PROTECTED] Subject: RE: [KCFusion] OT: browser type Java 1.3.0 is one of the current standard versions of the java virtual machine. I believe the numbers are the same as what is installed by Netscape 6/6.2 and is or was one of the versions that Jrun and the betas of CF MX uses. You might be seeing another server trying to pull a page versus a browser, or just a funky Unix browser like Mozilla that is highly dependent on Java. Ryan __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED] __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED] __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]