[Dshield] Web server log file scans for PHP

Jon R. Kibler Jon.Kibler at aset.com
Wed May 7 21:02:21 GMT 2008


Shelton, Steve wrote:
> Hello,
> 
> There are a few "miscreant" IRC networks out in the wild that are 100
> percent dedicated to SQL injection and URL inclusion.  One extremely
> nefarious network irc.indoirc.net was having a hard time over the past
> few months but seem to have morphed in irc.racrew.us and are back in
> force as of late with a good amount of servers and bots which may
> account for the spike.
> 
> - irc.indoirc.net.        7200    IN      CNAME   irc.racrew.us
> 
> Steve Shelton
> Network Security Engineer
> Cogent Communications

Okay, I will not argue there are a bunch of bots doing SQL Injection,
but none of the PHP code that is being probed has published vulns.
Are you saying the morons have some 0-days that they are using?

Jon Kibler
-- 
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
m: 843-224-2494




=========================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list