Bis interimitur qui suis armis perit

Published: 2007-08-08. Last Updated: 2007-08-08 16:45:59 UTC
by Tom Liston (Version: 1)
0 comment(s)

Rick wrote in with a log snippet showing someone out there actively scanning his webserver for an installation of horde:

2007-08-08 05:49:33 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde/README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /Horde/README
2007-08-08 05:49:32 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde-3.0.9/README
2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde3/README
2007-08-08 05:49:31 xxxxxx XXXXXXX 192.168.aaa.aaa GET /horde2/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /Horde/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde-3.0.9/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde3/README
2007-08-08 05:49:45 xxxxxx XXXXXXX 192.168.bbb.bbb GET /horde2/README

My guess: they're looking to find boxes to exploit with CVE-2006-1491

If you're using horde, make sure that the version you're running is up-to-date.  Not running horde?  Make sure: horde is one of those things that admins will often install to "try it out..."  You might want to take a quick look around, just to be sure.  Nothing worse than getting whacked by your own tools...

Anyone else seeing scanning like this?

(Also, if you haven't picked up on the diary title drift yet, your kindly narrator has decided to try to class the joint up a bit...  Anyone know the source of that quote?)

Keywords:
0 comment(s)

Comments


Diary Archives