I manage a small website. I went over the logs this morning and found a number of pages or page references on the site that should not have been there. Most were of the format
"/_vti_bin/". I did a search for the term and learned about the Front Page debacle.

I couldn't get a good idea of how these files got there or what damage they could do. What little I did understand was that a visitor to my site had an infected machine that tried to upload or access Front Page directories. Apparently, FP has MANY weaknesses that allow hackers to take over sites that were made using that software. Most of the info I read said that if FP was not used to write and upload the site files, and if the site is NOT on a Windows server (mine is on a Linux server.) then there was little to worry about.

Can anyone add to or correct this information? What are the risks regarding these VTI files? Despite the fact that they are listed in the logs of visited pages, I can't find them in the site's directories to delete them. This is very new to me and I need help with it. Thanks in advance.

BTW: I should add that I noticed these files only in the past 7 - 10 days.

Recommended Answers

All 2 Replies

If those are just entries in your log files and the result was 404 or 403, you don't need to worry about anything. Those are just bots seeking vulnerable spots. If you don't even have such a /_vti_bin/ directory, they can't exploit anything in it.

>Despite the fact that they are listed in the logs of visited pages

Those are logs of pages requested - not necessarily actually visited. That's why you will find bot fishing attempts there.

Thanks for the explanation. It cleared things up for me.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.