Odd log requests

[Phillip Vector]

So about 6 months ago, I made a page on my local server that pulls up a list of movies I had in a directory and displayed them as links (I was working on a way to make the WiiU in my living room play movies).. 

Fast forward.. About a month ago, I started noticing a remote IP trying to access (and succeeding) the local server and pulling it up. Thing is, my WiiU is packed away since I moved and I can confirm that isn't it.

It's happening every minute and there is no port forwarding through port 80 to my machine.

When I pull up the logs, I get this.

User Agent:	Microsoft-WebDAV-MiniRedir/6.1.7601
Lucee (Neo) Os FINAL 4.5.1.000 (CFML Version 10,0,0,0) Time Stamp Feb 17, 2016 6:58 AM Time Zone America/Los_Angeles Locale English (us) Remote IP [Redacted]

This is my local computer, but I'm not running anything that checks it every minute. Does anyone have any suggestions on how I can figure out what is accessing this link? There are no scheduled tasks that are running (or even entered) that would do this.

[Denard Springle]

The user agent is a good place to start...

http://security.stackexchange.com/questions/44600/is-this-a-security-issue-at-the-remote-host-or-the-local-host

https://en.wikipedia.org/wiki/WebDAV

Is that folder shared over your network, by any chance?

-- Denny

[Denard Springle]

Also...

 

How to disable WebDav in IIS7: http://www.exactsoftware.com/docs/DocView.aspx?DocumentID=%7Bc288fa96-2eea-414f-843f-29a2a1531405%7D 

HTH!

-- Denny

[Phillip Vector]

It was shared. Now it isn't and the connections continue.

I'm not using IIS, so I don't think it's WebDAV is doing it. I tried ending Chrome, but that didn't help.

--
Love Lucee? Become a supporter and be part of the Lucee project today! - http://lucee.org/supporters/become-a-supporter.html
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/6653b69f-7413-4b24-8f4d-042861cc1bf9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Phillip Vector]

Well... Damm..

After a lot of outputting to a text file, I got this.

User Agent:

Microsoft-WebDAV-MiniRedir/6.1.7601

I guess that IS my problem. Thanks for the heads up. I have no idea what turned this on.

[Phillip Vector]

Weird though.. I don't have IIS installed on my Windows 7 machine.

[Phillip Vector]

Oddly as well, it stopped at 11:58AM (it was doing it every 2 mins twice). Almost like a scheduled task, but there are none of those either.

[Phillip Vector]

and now it's back at 12:15pm.. *cries*

[Phillip Vector]

So... If another computer inside the network is accessing the tomcat host on the main computer, that won't show up at localhost.. Right?

User Agent:	Microsoft-WebDAV-MiniRedir/6.1.7601

Lucee (Neo) Os FINAL 4.5.1.000 (CFML Version 10,0,0,0)

Time Stamp Feb 18, 2016 12:21 PM

Time Zone America/Los_Angeles Locale English (us)

Remote IP [Redacted] 853:8299:f5a4:da64%10 Host Name floyd Architecture 64bit

The remote IP has that %10 at the end, but that's my IPv6 IP for the local host ("floyd"). Is it possible another computer is accessing it? If so, wouldn't the remote IP show that computers IP? Is there something about the %10 at the end that I'm not understanding?