[Dshield] Web server log file scans for PHP
Jon R. Kibler
Jon.Kibler at aset.com
Wed May 7 21:02:21 GMT 2008
Shelton, Steve wrote:
> Hello,
>
> There are a few "miscreant" IRC networks out in the wild that are 100
> percent dedicated to SQL injection and URL inclusion. One extremely
> nefarious network irc.indoirc.net was having a hard time over the past
> few months but seem to have morphed in irc.racrew.us and are back in
> force as of late with a good amount of servers and bots which may
> account for the spike.
>
> - irc.indoirc.net. 7200 IN CNAME irc.racrew.us
>
> Steve Shelton
> Network Security Engineer
> Cogent Communications
Okay, I will not argue there are a bunch of bots doing SQL Injection,
but none of the PHP code that is being probed has published vulns.
Are you saying the morons have some 0-days that they are using?
Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
m: 843-224-2494
=========================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
More information about the list
mailing list