| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun Feb 19 19:24:05 2006 From: bfilipov at gmail.com (Boris Filipov) Subject: update on the linux worm I get these all the time: 195.4.223.70 - - [19/Feb/2006:14:31:09 +0000] "POST /xmlrpc.php HTTP/1.1" 404 271 195.4.223.70 - - [19/Feb/2006:14:31:11 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 404 276 195.4.223.70 - - [19/Feb/2006:14:31:14 +0000] "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 404 283 195.4.223.70 - - [19/Feb/2006:14:31:16 +0000] "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 284 195.4.223.70 - - [19/Feb/2006:14:31:18 +0000] "POST /drupal/xmlrpc.php HTTP/1.1" 404 278 195.4.223.70 - - [19/Feb/2006:14:31:20 +0000] "POST /phpgroupware/xmlrpc.php HTTP/1.1" 404 284 195.4.223.70 - - [19/Feb/2006:14:31:22 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 281 195.4.223.70 - - [19/Feb/2006:14:31:24 +0000] "POST /xmlrpc.php HTTP/1.1" 404 271 195.4.223.70 - - [19/Feb/2006:14:31:27 +0000] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 278 I guess it has to do something with the worm everybody is talking about. Filbert wrote: >On Sunday 19 February 2006 16:27, Micheal Turner wrote: > > >>Could you clarify what vulnerabilities are being >>exploited in the PHP applications ? >> >> >> > >To my knowledge: mambo, phpgroupware and wordpress. >I submitted a sample to Clamav AV yesterday. > >AntiVir recognises it as Worm/Linux.Lupper.B, Kaspersky Anti-Virus as >Net-Worm.Linux.Mare.e. Others don't. > >F. >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > > >
Powered by blists - more mailing lists