> However, they say the problem is on function.php and
> I'm seeing them on index.php. Can anyone confirm that?
I've been seeing this kind of requests for quite a long time;
susprisingly, they seem to have disappeared in the last week or so. If you
look at the script it was trying to download and execute, you'll find that
it's pretty much the standard perlbot
(http://handlers.sans.org/jullrich/perlbot.html)
with some adjustments for this particular vulnerability/irc server
information.
> However, they say the problem is on function.php and
> I'm seeing them on index.php. Can anyone confirm that?
I've been seeing this kind of requests for quite a long time;
susprisingly, they seem to have disappeared in the last week or so. If you
look at the script it was trying to download and execute, you'll find that
it's pretty much the standard perlbot
(http://handlers.sans.org/jullrich/perlbot.html)
with some adjustments for this particular vulnerability/irc server
information.
Peter
--
[Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278
[ reply ]