I recently switched hosts, but while looking at my log directory from my former Unix host (the nice guys that they are, they usually don't delete cancelled accounts right away), I noticed this 5 meg dll residing there: nsiislog.dll. I know I didn't accidentally ftp it from my PC because that dll doesn't even exist on it.

Since October 13, I occasionally noticed entries such as this in my log files: 218.204.93.147 - - [20/Oct/2003:15:48:21 -0600] "GET /scripts/nsiislog.dll" 404 - "-" "-"

(The IP's aren't always the same.)

Do Unix machines have dll's? I assumed those were a Microsoft thing. I'd ask my former host about this, but if their servers had been hacked, I'm not sure they'd tell me. Thus I'm asking the question here (I'm curious). Of course I will let them know about it if that is a sign that somebody is up to some mischief. If not and there's a reason for having it there, then I'll learn something new.

Unix machines to not have dlls. DLLS are dynamic link libraries. Unix machines do have shared libraries that can be linked to at compile time.

nsiislog.dll is a component installed with Windows Media Services, which are not installed by default. I'm not surprised you don't have it. If you install Windows Media Services you will.

This dll is a component which facilitates logging of streaming media player client, including logging of multicast and unicast transmissions.

Intrestingly, this dll also has a buffer overflow that can be exploited by script kiddies. Ensure its patched.

Cheers
Jeff

These are people probing for exploits etc. As long as your systems are secure, there is nothing to worry about.

Thanks for the responses.

What bugs me is how it got there in the first place, if it doesn't belong there. In other words from what y'all say above, it's nothing that a Unix host would put there which may mean some unauthorized individual put it there.

notice the error is a 404, whoch means the dll was requested but doesn't exist on the server.:)

Yes, its a spider/bot searching for this file looking for exploits, you will see this and 5 million other bots searching for exploits. It's also a possibility to be part of a worm that takes advantage of unpatched systems that tries to spread this way.

Hacking is not always against someone that pissed someone off but just basic internet IP probing.