Bis interimitur qui suis armis perit - SANS Internet Storm Center

Bis interimitur qui suis armis perit
Rick wrote in with a log snippet showing someone out there actively scanning his webserver for an installation of horde: 2007-08-08 05:49:33 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde/README 2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /README 2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /Horde/README 2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde-3.0.9/README 2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde3/README 2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde2/README 2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /Horde/README 2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde-3.0.9/README 2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde3/README 2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde2/README My guess: they're looking to find boxes to exploit with CVE-2006-1491 If you're using horde, make sure that the version you're running is up-to-date. Not running horde? Make sure: horde is one of those things that admins will often install to "try it out..." You might want to take a quick look around, just to be sure. Nothing worse than getting whacked by your own tools... Anyone else seeing scanning like this? (Also, if you haven't picked up on the diary title drift yet, your kindly narrator has decided to try to class the joint up a bit... Anyone know the source of that quote?)	Tom 160 Posts Aug 8th 2007
Thread locked Subscribe	Aug 8th 2007 1 decade ago