[Dshield] Someone is scanning for PHP XML RPC vulnerability

Stephane Grobety security at admin.fulgan.com
Tue Oct 11 07:31:08 GMT 2005

Apparently, someone is actively scanning for the PHP XMLRPC flaw. All
my web servers and three completely separate networks have been probed.

All the probes came from the same source IP:

The following locations are probed:


Unfortunately, I don't quite understand the command it gives to the
script, I think it's trying to connect back to on 8080
and the presence of chmod, in seems to indicates that it targets unix

The relevant parameter is:


Does someone understand this script ?

Good luck,

More information about the list mailing list