Get Request from Zone-H.org
Something you never ever want to see in your webservers access log is a get request from zone-h.orgs wget utility looking like that:
One of those kiddies hit my badly maintained PostNuke site last week (oops, now it's out). Fortunately I didn't have any data loss. The index file was all that was damaged, so I guess I was lucky (probably because it was a publicly available script used for defacing standard PostNuke installations...).
Oh, and yes, pLog isn't vulnerable :).
www.zone-h.org - - [02/Oct/2005:13:48:00 +0200] "GET / HTTP/1.0" 200 25 "-" "Wget/1.9.1"
Zone-h.org is a site where hackers Skript Kiddies can post sites they have defaced and/or tested to be vulnerable to remote exploits. The xmlrpc bug, which was found this summer and affected numerous CMS/Portal scripts, is one of the common bugs exploitet since, resulting in hundreds of defaced websites.One of those kiddies hit my badly maintained PostNuke site last week (oops, now it's out). Fortunately I didn't have any data loss. The index file was all that was damaged, so I guess I was lucky (probably because it was a publicly available script used for defacing standard PostNuke installations...).
Oh, and yes, pLog isn't vulnerable :).
Information and Links
Join the fray by commenting, tracking what others have to say, or linking to it from your blog.
