Security Incidents mailing list archives
Re: High volume of Mambo scans
From: Peter Kosinar <goober () ksp sk>
Date: Mon, 15 May 2006 01:43:35 +0200 (CEST)
Hello Daniel,
However, they say the problem is on function.php and I'm seeing them on index.php. Can anyone confirm that?
I've been seeing this kind of requests for quite a long time; susprisingly, they seem to have disappeared in the last week or so. If you look at the script it was trying to download and execute, you'll find that it's pretty much the standard perlbot (http://handlers.sans.org/jullrich/perlbot.html) with some adjustments for this particular vulnerability/irc server information.
Peter -- [Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
Current thread:
- High volume of Mambo scans Daniel Cid (May 14)
- Re: High volume of Mambo scans Peter Kosinar (May 14)
- Re: High volume of Mambo scans George A. Theall (May 14)
- Re: High volume of Mambo scans Jamie Riden (May 14)
- Re: High volume of Mambo scans Karl Schlitt (May 15)