Contributing Scan Signatures #1

Open
mitchellkrogza opened this issue Apr 21, 2018 · 2 comments
Comments

@mitchellkrogza
Owner

Anyone who wishes to contribute any scan signatures found in their web server logs, please send a Pull Request on the exploits.list file.

@troyengel

I'm not sure what this is, Google-fu is failing me - I'm finding hundreds of these attempts per week in my logs:

"GET /admin/assets/js/views/login.js HTTP/1.1" 301 260 "-" "python-requests/2.19.1"

All are coming from one single IP (some 2000 hits in the logs lying around for November) and it's been reported by others here: https://www.abuseipdb.com/check/87.251.81.86 (added my report as well just now).

I think this might be something related to Node.js, but as I can't seem to find definitive information it's unclear if this is a good addition to the exploits.list. I notice a very sharp uptick in my logs starting the week of 2018-11-11 to 2018-11-18; it went from around 10-50 per week before that to 700+ per week starting then. Either it was my server "found" by the botnet, or it's some fresh exploit? $0.02 on a "maybe?" that's popped up, hope this helps!
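Added example, not part of the thread or the project's own code: one way to measure the kind of week-over-week uptick described in the comment above before proposing a path as a signature. It assumes Combined Log Format; the sample lines are constructed with documentation-range IPs, and the `factor` and `floor` thresholds are arbitrary assumptions.

```python
import re
from collections import Counter
from datetime import date, datetime, timedelta

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*"$'
)

def weekly_hits(lines, signature):
    """Count requests whose path contains `signature`, per (ISO year, ISO week, ip)."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or signature not in m["path"]:
            continue  # unparseable line or unrelated request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        year, week, _ = ts.isocalendar()
        counts[(year, week, m["ip"])] += 1
    return counts

def upticks(counts, factor=5, floor=10):
    """Flag (year, week, ip, previous, current) where hits jumped week over week."""
    flagged = []
    for (year, week, ip), n in sorted(counts.items()):
        # Step back from this ISO week's Monday so year boundaries are handled.
        prev_monday = date.fromisocalendar(year, week, 1) - timedelta(days=7)
        py, pw, _ = prev_monday.isocalendar()
        prev = counts.get((py, pw, ip), 0)
        if n >= floor and n >= factor * max(prev, 1):
            flagged.append((year, week, ip, prev, n))
    return flagged

# Constructed sample: 2 hits in ISO week 45, 12 in week 46, plus one unrelated request.
def make_line(day, second, path, ip="203.0.113.7"):
    return (f'{ip} - - [{day:02d}/Nov/2018:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 301 260 "-" "python-requests/2.19.1"')

SIG = "/admin/assets/js/views/login.js"
SAMPLE = ([make_line(6, s, SIG) for s in range(2)]
          + [make_line(13, s, SIG) for s in range(12)]
          + [make_line(13, 30, "/index.html", ip="198.51.100.4")])

if __name__ == "__main__":
    for row in upticks(weekly_hits(SAMPLE, SIG)):
        print(row)
```

A path that shows up from many source addresses across several weeks is a stronger signature candidate than one driven by a single client.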
