[Dshield] HTTP_PHP_Includedir

Frank Knobbe frank at knobbe.us
Fri Mar 17 23:47:57 GMT 2006

On Fri, 2006-03-17 at 10:58 -0800, DigitalNation wrote:
> We are seeing a lot of these cross scripting PHP attacks lately. Anyone else
> see an increase? I know it is PHP WEB CALENDAR related. We do not run this
> app, but still we see these scripts daily. What exactly are they looking
> for?

Yup, sharp increase since a day and a half or so.

We've also seen an increase in scans to member.php. Perhaps due to this:


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20060317/81974953/attachment.bin

More information about the list mailing list