[Dshield] Interesting Web Log Entries
gentuxx at gmail.com
Fri Mar 24 15:29:01 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
George A. Theall wrote:
>On Thu, Mar 23, 2006 at 01:29:33PM -0800, DigitalNation wrote:
>>These are mostly outdated PHP cross scripting attempts.
>I wasn't asking what these are but rather what tool / worm is generating
>>The awstats.pl is
>>very commonly seen.
>Yes, but unless your logs are different than mine, the attempts involve
>arbitrary command execution rather than cross-site scripting attacks.
- From what I've seen, the awstats.pl and xmlrpc.php requests are
indicative of the Lupii worm. Not toally sure if that's what's going
on here, but it's a start. At least it's not getting through. ;-)
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40 9795 2D81 924A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v126.96.36.199 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the list