[Dshield] Someone is scanning for PHP XML RPC vulnerability
security at admin.fulgan.com
Tue Oct 11 07:31:08 GMT 2005
Apparently, someone is actively scanning for the PHP XMLRPC flaw. All
my web servers and three completely separate networks have been probed.
All the probes came from the same source IP: 220.127.116.11.
The following locations are probed:
Unfortunately, I don't quite understand the command it gives to the
script. I think it's trying to connect back to 18.104.22.168 on 8080,
and the presence of chmod in it seems to indicate that it targets Unix
The relevant parameter is:
Does someone understand this script?