Has my website been hacked?

Google has recently started to flag "my" website as a malicious site. I've had a look through the logs and have come across a part that concerns me.

I've edited the code to remove IPs and user accounts for obvious reasons :p

Code:
2009-03-23 15:02:30 * ** ServerIP OPTIONS / - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test/forms/App.doc - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test/forms/App.doc.bat - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test/forms/App.doc.cmd - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.exe - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.com - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.pif - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.lnk - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - - 
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.bat - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:31 * ** ServerIP PROPFIND /test/forms/App.doc.cmd - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:32 * ** ServerIP PROPFIND /test/forms/App.doc.exe - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:32 * ** ServerIP PROPFIND /test/forms/App.doc.com - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:33 * ** ServerIP PROPFIND /test/forms/App.doc.pif - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:33 * ** ServerIP PROPFIND /test/forms/App.doc.lnk - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -

I'm far from an expert when it comes to this but it looks like changes were carried out to the site.

I have the suspected IP logged and have a rough idea who has caused it.

Can someone please confirm whether or not this confirms changes have been made with malicious intent?

Thanks a lot :)

edit: I just want to add that the original App.doc should be there as should the directories.

If any other information is required (other than the website name ;) ) please ask.
 
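An added example, not part of the original post: a Python triage pass over log lines in the layout shown above that separates read-only requests (OPTIONS and PROPFIND only query capabilities and properties) from WebDAV methods that can change content. The field order is assumed from the redacted lines in the post, and the last sample line (ExampleIP, PUT) is constructed for contrast.

```python
from collections import Counter

# Method classes per HTTP (RFC 9110) and WebDAV (RFC 4918) semantics.
READ_METHODS = {"GET", "HEAD", "OPTIONS", "PROPFIND"}
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH", "LOCK", "UNLOCK"}

# Assumed field order, inferred from the redacted lines in the post.
FIELDS = ["date", "time", "site", "computer", "s_ip", "method", "uri", "query",
          "port", "user", "c_ip", "version", "agent"]

def parse_line(line):
    """Return a dict for one log line, or None for blanks, '#' directives and short lines."""
    parts = line.split()
    if not parts or parts[0].startswith("#") or len(parts) < len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def triage(lines):
    """Count requests per (client, class) and list every state-changing request."""
    counts, writes = Counter(), []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        method = rec["method"].upper()
        # POST and anything unlisted lands in "other" and needs application-level review.
        kind = "read" if method in READ_METHODS else "write" if method in WRITE_METHODS else "other"
        counts[(rec["c_ip"], kind)] += 1
        if kind == "write":
            writes.append((rec["date"], rec["time"], rec["c_ip"], method, rec["uri"]))
    return counts, writes

# First three data lines are from the post; the final PUT line is constructed.
SAMPLE = """\
#Fields: (directive lines are skipped)
2009-03-23 15:02:30 * ** ServerIP OPTIONS / - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:02:30 * ** ServerIP PROPFIND /test/forms/App.doc.bat - 80 - SuspectIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
2009-03-23 15:04:10 * ** ServerIP PUT /test/forms/App.doc - 80 - ExampleIP HTTP/1.1 Microsoft-WebDAV-MiniRedir/5.1.2600 - -
"""

if __name__ == "__main__":
    counts, writes = triage(SAMPLE.splitlines())
    for (client, kind), n in sorted(counts.items()):
        print(f"{client:12} {kind:6} {n}")
    for w in writes:
        print("state-changing request:", *w)
```

The posted layout carries no response status, so a listed write method shows an attempt, not a successful change; enable the sc-status field in IIS logging to tell the two apart.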