jericho at attrition.org
Tue Feb 10 02:52:40 UTC 2009
On Sun, 28 Sep 2008, George A. Theall wrote:
: I've noticed recently a lot of scans from Morpheus for soapCaller.bs; eg,
: 184.108.40.206 - - [27/Sep/2008:17:46:53 -0400] "GET /user/soapCaller.bs
: HTTP/1.1" 404 216 "-" "Morfeus Fucking Scanner"
: Does anyone know what vulnerability the scanner's trying to exploit?
Figured with time passing, more information would come to light.
Unfortunately, doesn't appear taht way.
Speculation it is XOOPS or Drupal related:
A site that seems to have and use soapCaller.bs, which may explain why a
scanner looks for it. If that is the name of the sample script and it
comes with a default..:
Another site that uses a 'sopcaller.bs'"
Rest of the hits on early pages of Google is talking about log activity,
nothing really helpful.
More information about the VIM