Thanks again, Adam. Yeah, I noticed the canned response stuff.
I have not correlated any of this with my raw IIS logs, but that is a good idea. Okay, here is what I found in the IIS log:
- 2013-09-05 03:54:10 myIP GET /CFIDE/adminapi/customtags/l10n.cfm attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp 80 - 89.76.164.243 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+6.0;+en)+Opera+9.50 404 0 0 561
- 2013-09-05 03:54:23 myIP GET /CFIDE/adminapi/customtags/l10n.cfm attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it&attributes.var=it&attributes.jscript=false&attributes.type=text/html&attributes.charset=UTF-8&thisTag.executionmode=end&thisTag.generatedContent=htp 443 - 95.130.9.89 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+6.0;+en)+Opera+9.50 404 0 0 405
So this definitely explains the locale business. A scanner of some kind is setting locale=it (Italy, I assume), and while I don't know what this means or why, I can see how perhaps this is causing errors.
That said, both those IPs are NOT internal, quite the contrary, so I have to research and figure out how that is being accessed behind our firewall. Example: https://www.projecthoneypot.org/ip_95.130.9.89
Looks like my server is returning a 404, so that's good, but still worrisome.
The question remains: what exactly does "Unexpected characters found in locale" mean, and why is it showing up as an error, and why should I care (not a rhetorical question), other than the fact some random IP is able to access my CFIDE? Thanks! You've helped set me in the right direction, and perhaps helped me uncover other issues I need to be looking at.
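
As an added example (not part of the original post or thread), this Python check scans IIS W3C log lines for `/CFIDE/` requests from outside the internal network and records whether the query carries a `../` traversal and whether the server answered with a 2xx. The field order is assumed from the two lines quoted above; `INTERNAL_NETS` and the sample lines are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl

# Assumption: field order inferred from the log lines quoted in the post.
FIELDS = ("date time s_ip method uri_stem uri_query s_port username "
          "c_ip user_agent status substatus win32_status time_taken").split()
# Assumption: what counts as "internal"; adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines (documentation IP ranges), modelled on the post.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-09-05 03:54:10 10.0.0.5 GET /CFIDE/adminapi/customtags/l10n.cfm attributes.id=it&attributes.file=../../administrator/analyzer/index.cfm&attributes.locale=it 80 - 203.0.113.7 Mozilla/4.0+(compatible) 404 0 0 561
2013-09-05 03:55:02 10.0.0.5 GET /index.cfm page=home 80 - 198.51.100.20 Mozilla/5.0 200 0 0 120
2013-09-05 03:56:40 10.0.0.5 GET /CFIDE/administrator/index.cfm - 443 - 10.0.0.12 Mozilla/5.0 200 0 0 88
2013-09-05 03:57:11 10.0.0.5 GET /CFIDE/adminapi/customtags/l10n.cfm attributes.file=..%2F..%2Fadministrator%2Findex.cfm 443 - 203.0.113.9 Mozilla/4.0 200 0 0 405
"""

def parse_line(line):
    """Split one log line into named fields; skip directives and odd lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_cfide_hits(log_text):
    """Return /CFIDE requests that came from outside INTERNAL_NETS."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["uri_stem"].lower().startswith("/cfide/"):
            continue
        if is_internal(rec["c_ip"]):
            continue
        # parse_qsl percent-decodes values, so ..%2F is caught as well.
        params = parse_qsl(rec["uri_query"])
        findings.append({
            "time": f'{rec["date"]} {rec["time"]}',
            "c_ip": rec["c_ip"],
            "uri_stem": rec["uri_stem"],
            "traversal": any("../" in v or "..\\" in v for _, v in params),
            "status": int(rec["status"]),
            # A 2xx means the admin path actually answered an outside client.
            "served": rec["status"].startswith("2"),
        })
    return findings

if __name__ == "__main__":
    for hit in find_cfide_hits(SAMPLE_LOG):
        print(hit)
```

Entries with `served` set to true are the ones to look at first, since a 404 like the two in the post means the probed file was not returned.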