[Dshield] Interesting Web Log Entries

gentuxx gentuxx at gmail.com
Fri Mar 24 15:29:01 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

George A. Theall wrote:

>On Thu, Mar 23, 2006 at 01:29:33PM -0800, DigitalNation wrote:
>
>>These are mostly outdated PHP cross scripting attempts.
>
>
>I wasn't asking what these are but rather what tool / worm is generating
>them.
>
>>The awstats.pl is
>>very commonly seen.
>
>
>Yes, but unless your logs are different than mine, the attempts involve
>arbitrary command execution rather than cross-site scripting attacks.
>
- From what I've seen, the awstats.pl and xmlrpc.php requests are
indicative of the Lupii worm.  Not toally sure if that's what's going
on here, but it's a start.  At least it's not getting through.  ;-)

- --
gentux
echo "hfouvyAdpy/ofu" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 34CE 2E97 40C7 EF6E EC40  9795 2D81 924A
6996 0993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEJBA9LYGSSmmWCZMRAhSiAJ0Yb3R7xwq+1kNxVu5I0r93zLXlZQCfaGid
rUslQo6n8nyY/RvGBj4vZ9E=
=wzDp
-----END PGP SIGNATURE-----



More information about the list mailing list