2012-7-23

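While performing monitoring and analysis at a customer site recently, we found that the TCP sessions between one Internet IP address and the customer's server carried very little traffic, and that the packet counts, byte counts and other parameters of those sessions were nearly identical, which is a fairly distinctive pattern. Using Colasoft's TCP session reassembly feature, we found that the User-Agent in use was "morfeus fucking scanner", as shown in the figure below: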


We searched Google for the keywords "morfeus fucking scanner", read the related articles, and confirmed that this is vulnerability-scanning activity targeting PHP.
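The same check can be run against web server access logs when no packet capture is available. The following is an added example, not part of the original analysis or of any Colasoft tool: it groups requests whose User-Agent starts with "morfeus" (case-insensitive) by source IP and reports whether the response sizes are uniform, as a log-side analogue of the consistent per-session byte counts described above. The log lines, IP addresses and request paths are constructed placeholders, and the function name `find_scanner_sources` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format; IPs are documentation ranges,
# request paths are placeholders, not real probe paths.
SAMPLE_LOG = '''\
203.0.113.7 - - [23/Jul/2012:10:01:02 +0800] "GET /a.php HTTP/1.1" 404 209 "-" "Morfeus Fucking Scanner"
203.0.113.7 - - [23/Jul/2012:10:01:02 +0800] "GET /b.php HTTP/1.1" 404 209 "-" "morfeus fucking scanner"
203.0.113.7 - - [23/Jul/2012:10:01:03 +0800] "GET /c.php HTTP/1.1" 404 209 "-" "Morfeus Fucking Scanner"
198.51.100.20 - - [23/Jul/2012:10:02:11 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"
198.51.100.20 - - [23/Jul/2012:10:02:15 +0800] "GET /style.css HTTP/1.1" 200 880 "-" "Mozilla/5.0 (Windows NT 6.1)"
this line is malformed and must be skipped
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_scanner_sources(log_text, ua_prefix="morfeus"):
    """Group requests whose User-Agent starts with ua_prefix (case-insensitive) by source IP."""
    hits = defaultdict(lambda: {"requests": 0, "sizes": [], "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-log entries
        if not m["ua"].lower().startswith(ua_prefix):
            continue
        entry = hits[m["ip"]]
        entry["requests"] += 1
        entry["sizes"].append(0 if m["size"] == "-" else int(m["size"]))
        entry["statuses"].add(int(m["status"]))
    report = {}
    for ip, e in hits.items():
        report[ip] = {
            "requests": e["requests"],
            "statuses": sorted(e["statuses"]),
            # Uniform response sizes mirror the consistent byte counts seen per session.
            "uniform_sizes": len(set(e["sizes"])) == 1,
            "max_size": max(e["sizes"]),
        }
    return report

if __name__ == "__main__":
    for ip, info in find_scanner_sources(SAMPLE_LOG).items():
        print(ip, info)
```

A source that shows many requests, only error statuses and uniform small responses under this User-Agent matches the pattern described above; the prefix match is a convenience, since a scanner can send any User-Agent string.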

Below is an article that briefly introduces morfeus fucking scanner.




Update on Morfeus Fucking Scanner

In one of my earlier blogs, I commented that I was seeing a strange user agent in my stats. This user agent went by the name of 'Morfeus Fucking Scanner'. This name obviously caught my eye. I seriously doubt a legitimate user agent would be called that.

In that blog, I asked if anyone had any information on it. I got several replies, which you can see in the comments on that blog. It turns out that Morfeus is a scanner that looks for vulnerabilities in PHP-based web sites (as this one is). I guess it failed to find any vulnerabilities in my blogging software because I haven't noticed any problems, or additional files or anything.

One commenter, by the name of Haans Gruber, even provided a solution to prevent it. Interesting name there Haans, either it's a coincidence or he's a big fan of the Die Hard movies... Haans Gruber was the name of the main villain in the first Die Hard movie. Anyway, the solution he provided was to add the following code to your web site's '.htaccess' file. Note that this change will only work for Apache-based web servers. If you are running IIS, I'm sure there is a similar way to do it, but you are on your own. Here's the fix:

# Start of .htaccess change.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Morfeus
RewriteRule ^.*$ - [F]
# End of .htaccess change.

I've added this fix to my site's .htaccess file. Let's see if it helps.

Thanks Haans!

