Re: Re: notice: mambo scanner

[dontbugme () nomail com]

I have been getting these too.

Here is the scary part:

I got repetitive scans for this and other vulnerability scans, lumped together and not making any sense (the requests 
would not return any usable user data and are out of context)>

I complained logged a request for prosecution on a European attack source, and on their provider.

Since 24h after that, all such scans stopped, I did not see one for three days now.
There were some every day.

It is one source, using probably compromised servers all over the world (why would Chinese origins and European origins 
stop at the same time?)

There were also always correlated connection requests after a scan (this is a honeypot, I am good!) from other IPs in 
sequence after such a scan.

Sure, hhere are script kiddies out there.
This is one organization using worldwide - eventually compromised - hosts to scan periodically, probably the whole 'I'.

Wonder who could that be, who just got ratted out to a foreign coutrie's justics system....

me, safe and secure behind my systems

microsoft free of course...........

This is very significant, since these scans happened a couple of times a day (less than a dozen) from different IPs all 
over the world.


I bet, the moment this message here percolated, just to prove the point, that organization will launch at least one new 
scan, within baout 12h.

me

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------