I am getting the following notice in my logwatch files:
/_vti_bin/_vti_aut/fp30reg.dll HTTP Response 302
and a message from logwatch indidicating the above is a possible exploit. On most of my v-hosts, any kind of request to '/_vti_bin/_vti_aut/fp30reg.dll' returns a 404. However, I have one particular host that returns the 302 above. That host does not have front page extensions installed (at least explicitly). How can I determine why a 302 is being returned? I have tried doing a GET request, but I always get a 404.
This is on a ubuntu 9.04 server.