WebApp Sec mailing list archives

RE: Mambo, Coppermine and PHPBB Attacks


From: "John Cobb" <johnc () nobytes com>
Date: Mon, 19 Dec 2005 11:26:47 -0000

Hi Ryan,

I have also noticed a lot of attacks recently.
I think this is possibly thanks to a new worm/irc bot running on *nix.

Recent report I have received:

Requests with error response codes
    403 Forbidden
       /: 1 Time(s)
    404 Not Found
       /Forums/admin/admin_styles.phpadmin_styles ... cho%20YYY;echo|: 2 Time(s)
       /blog/xmlrpc.php: 1 Time(s)
       /blog/xmlsrv/xmlrpc.php: 1 Time(s)
       /blogs/xmlsrv/xmlrpc.php: 1 Time(s)
       /drupal/xmlrpc.php: 1 Time(s)
       /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 2 Time(s)
       /phpgroupware/xmlrpc.php: 1 Time(s)
       /sumthin: 1 Time(s)
       /wordpress/xmlrpc.php: 1 Time(s)
       /xmlrpc.php: 3 Time(s)
       /xmlrpc/xmlrpc.php: 1 Time(s)
       /xmlsrv/xmlrpc.php: 1 Time(s)
    405 Method Not Allowed
       1.3.3.7:1337: 1 Time(s)

Regards

John Cobb
www.nobytes.com



-----Original Message-----
From: Mark Ryan del Moral Talabis [mailto:talabis () gmail com] 
Sent: Monday, December 19, 2005 6:24 AM
To: webappsec () securityfocus com
Subject: Mambo, Coppermine and PHPBB Attacks

Our honeynet has been picking up an increase in the number of code
injection attacks in the past few days. Attacks are primarily directed
to several popular open source applications: Mambo, Coppermine and
PHPBB.

Analysis:
http://www.philippinehoneynet.org/dataarchive.php?date=2005-12-17

Ryan Talabis
Lead Analyst
Philippine Honeynet Project
http://www.philippinehoneynet.org
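
Added example, not part of either message above: the 404 section of the report shows xmlrpc.php requested under many different path prefixes, and the sketch below flags clients that do this in a web server access log. It assumes Apache common/combined log format; the function name, the `min_paths` threshold and the sample lines (documentation addresses) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def xmlrpc_sweeps(lines, min_paths=3):
    """Return {client: sorted distinct xmlrpc.php paths answered with 404}
    for clients that probed at least min_paths different locations."""
    probes = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "404":
            continue  # unparseable line, or the script exists on this host
        path = urlsplit(m.group("target")).path.lower()
        if path.endswith("/xmlrpc.php"):
            probes[m.group("host")].add(path)
    return {h: sorted(p) for h, p in probes.items() if len(p) >= min_paths}

# Constructed sample lines, not data from the post.
SAMPLE = [
    '192.0.2.10 - - [19/Dec/2005:03:10:01 +0000] "POST /xmlrpc.php HTTP/1.1" 404 291 "-" "-"',
    '192.0.2.10 - - [19/Dec/2005:03:10:01 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 404 296 "-" "-"',
    '192.0.2.10 - - [19/Dec/2005:03:10:02 +0000] "POST /drupal/xmlrpc.php HTTP/1.1" 404 298 "-" "-"',
    '192.0.2.10 - - [19/Dec/2005:03:10:02 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 301 "-" "-"',
    '192.0.2.10 - - [19/Dec/2005:03:10:03 +0000] "POST /xmlrpc.php HTTP/1.1" 404 291 "-" "-"',
    # A single miss is not a sweep.
    '198.51.100.7 - - [19/Dec/2005:04:00:00 +0000] "GET /xmlrpc.php HTTP/1.1" 404 291 "-" "-"',
    '198.51.100.7 - - [19/Dec/2005:04:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    # A client using an xmlrpc.php that is actually installed (200) is ignored.
    '203.0.113.5 - - [19/Dec/2005:05:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for host, paths in xmlrpc_sweeps(SAMPLE).items():
        print(host, len(paths), "distinct xmlrpc.php probes:", ", ".join(paths))
```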




