Security Incidents mailing list archives

Re: High volume of Mambo scans


From: Peter Kosinar <goober () ksp sk>
Date: Mon, 15 May 2006 01:43:35 +0200 (CEST)

Hello Daniel,

> However, they say the problem is on function.php and
> I'm seeing them on index.php. Can anyone confirm that?

I've been seeing these kinds of requests for quite a long time; surprisingly, they seem to have disappeared in the last week or so. If you look at the script it was trying to download and execute, you'll find that it's pretty much the standard perlbot (http://handlers.sans.org/jullrich/perlbot.html) with some adjustments for this particular vulnerability/IRC server information.

Peter

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278

