webserver probes for php detection

[Alexander Reelsen <ref () tretmine org>]

Hiya

I'm seeing several of these probes today. Five requests, always in one
second. Makes me think this is pretty automated ;)
The webserver is very small, doesn't host any high traffic site, so this
seems to be a scanner and is not specifically targeted.

Seems someone is seeking for a special PHP version. Is there a new exploit
or just a kiddie search for old php versions? Anyone up for news?

pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100]
  "GET /index.php HTTP/1.0" 404 203 "-" "-"
pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100]
  "GET /main.php HTTP/1.0" 404 202 "-" "-"
pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100]
  "GET /phpinfo.php HTTP/1.0" 404 205 "-" "-"
pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100]
  "GET /test.php HTTP/1.0" 404 202 "-" "-"
pd9ee3ea9.dip.t-dialin.net - - [13/Feb/2003:13:43:56 +0100]
  "GET /index.php3 HTTP/1.0" 404 204 "-" "-"

I'm not really worried, just wanted to note it might be better to upgrade
to latest versions or even better, drop php ;-)

Especially the phpinfo page might reveal a lot about your configuration.


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://tretmine.org
ref () tretmine org

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com