SysKoll wrote: The listed addresses seem to be worm-owned machines who are trying to propagate their worm or to find a PHP weakness. PHP unfortunately offers several flaws that can be remotely exploited, and the worms are doubtlessly trying to do that.
As far as a quick scan determined, every machine in the list is a Windows box.
Thanks. Can you give me any hints about scanning the boxes? For example, is it possible to determine an owner of the machine to contact and let them know they're infected?
You seem to have several different payloads scanning your machine. Some are trying to find PHP misconfigured servers, others are hunting for misconfigured webmail systems (Horde).
Bottom line is, make sure your security is tight, and don't run Windows out there.
Is there a link or two you could point me to describing these types of misconfigurations and weaknesses so that I'll have a better idea of what precisely I need to do to keep my security tight?
Appreciate the reply.. thanks very much! And, btw, I own and run *nothing* from Microsoft!
Bob