Life, the Universe and Everything

Latest Comments

Another Visitor
If you guys are using nginx (EngineX) instead of Apache (slowpache) you can add this directive to your main server config and / or vhost include files. if ($http_user_agent ~* (Baiduspider|Jullo|Morfeus) ) { return 444;server { listen 80 default; server_name _; if ($http_user_agent ~* (Baiduspider|Jullo|Morfeus) ) { return 444; } access_log /usr/local/www/data/_default/access_default.log; server_name_in_redirect off; location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/www/data/_default$fastcgi_script_name; include fastcgi_params; } location / { index index.php index.html; root /usr/local/www/data/_default; error_page 404 error/404.html; } } As in the following "default" example (for anything that doesn't match any of my served domains):
08/05/10 @ 15:49

In response to: Update on Morfeus Fucking Scanner

Comment from: Richard

Richard
I just added "soapCaller" to my "custom keyword based blocker" which block not only their ip, but their whole subnet. This is something I cobbled together (1) Uses modsec to grep any of a list of keywords. (2) Sends the ip to a "whois" custom java program (3) This "whois" queries servers such as arin,ripe and gets the netblock range. (4) Makes an OS call to block the range (via iptables,netsh,ipseccmd,ipsecmod,etc)
05/14/10 @ 10:04

In response to: Update on Morfeus Fucking Scanner

Comment from: kyle

kyle
i set up an apache server on ubuntu recently, and i noticed this morfeus stuff on there, "Morefeus strikes again" and a bunch of requests. I don't really understand the http get and post stuff yet, so i was wondering if he had done anything bad. I got a bunch of 404s, but then it says internal dummy connection with what I think is the "option" command. maybe i did this, but i really dont know. mind taking a look? 95.211.24.2 - - [13/May/2010:01:25:08 -0400] "GET /mail/README HTTP/1.1" 404 470 "-" "Morfeus strikes again." 95.211.24.2 - - [13/May/2010:01:25:08 -0400] "GET /README HTTP/1.1" 404 467 "-" "Morfeus strikes again." ::1 - - [13/May/2010:01:25:09 -0400] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)" ::1 - - [13/May/2010:01:25:10 -0400] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)" ::1 - - [13/May/2010:01:25:11 -0400] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache/2.2.12 (Ubuntu) (internal dummy connection)" Did he get in? or was that just something i did? message me if you want, i appreciate the help
05/14/10 @ 06:28
Bill Hernandez
There are only nine steps required : ( 1 ) Select the Classes folder, then the MyDocument.m file ( 2 ) Double Click on "MyDocument" next to the @implementation ( 3 ) Select MenuBar --> Edit --> Refactor and a dialog will appear ( 4 ) Rename should be selected from the popup menu, change the textField to "ParDocument" or whatever you want, and Click Preview, and Apply Button, and Wait till it is done. ( 5 ) At the top of the ParDocument.m file Double Click MyDocument, and do a CMD-E, and a CTRL-CMD-E, then a CMD-SHIFT-F ( 6 ) In the Replace field change MyDocument to ParDocument, or whatever you want. The popup menu's should have : "In Project" "Textual" "Whole words" ( 7 ) select all the items found and click on Replace, then hit Find again to make sure there are no more items found. ( 8 ) Open the Resources folder and rename MyDocument.xib to ParDocument.xib ( 9 ) Hit CMD-R to run, and you should see a document window open
03/21/10 @ 22:07
Aneeque
Hi, can you please let me know how can I display the choose application dialog. I have an application in which I am displaying the right click context menu and I have an option in that menu on click of which choose application dialog gets open, my problem is that I don't know how to open what are the carbon/cocoa API's through which this dialog gets displayed.
03/16/10 @ 03:10
Eric
This is still doing the rounds almost a year and a half later. I got called to help an elderly lady (who never even surfs the Web, let alone downloads!) who received this mail scam and another, apparently from the mediadefender.com domain, on the same day. Almost made her throw away her computer completely. ;-) Showing her this article (and the comments posted by others) convinced her of the falsity of these mails. Thanks!
02/15/10 @ 09:56

In response to: Thoughts on HDTVs

Comment from: Aaron Jackson

Aaron Jackson
Just stumbled across this old post of yours and was wondering if you'd ever changed your mind :) I've replaced every set in my house with HDTVs, and man was it worth it.
01/03/10 @ 07:56

In response to: Update on Morfeus Fucking Scanner

Comment from: Sam

Sam
I have nothing on my webserver, just a index.html page saying nothing is here. I have thousands of lines every day from this Morfeus. 94.102.209.172 - - [08/Dec/2009:13:01:05 +0000] "GET /cube/README HTTP/1.1" 404 288 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:05 +0000] "GET /round/README HTTP/1.1" 404 289 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:05 +0000] "GET /roundcube-0.2/README HTTP/1.1" 404 297 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:05 +0000] "GET /roundcube-0.1/README HTTP/1.1" 404 297 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:05 +0000] "GET /roundcubemail-0.1/README HTTP/1.1" 404 301 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:06 +0000] "GET /roundcubemail-0.2/README HTTP/1.1" 404 301 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:06 +0000] "GET /wm/README HTTP/1.1" 404 286 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:06 +0000] "GET /webmail2/README HTTP/1.1" 404 292 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:06 +0000] "GET /rms/README HTTP/1.1" 404 287 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:06 +0000] "GET /mail2/README HTTP/1.1" 404 289 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:07 +0000] "GET /mss2/README HTTP/1.1" 404 288 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:07 +0000] "GET /mss/README HTTP/1.1" 404 287 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:07 +0000] "GET /roundcubemail/README HTTP/1.1" 404 297 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:07 +0000] "GET /rc/README HTTP/1.1" 404 286 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:07 +0000] "GET /webmail/README HTTP/1.1" 404 291 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:08 +0000] "GET /roundcube/README HTTP/1.1" 404 293 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:08 +0000] "GET /mail/README HTTP/1.1" 404 288 "-" "Morfeus strikes again." 94.102.209.172 - - [08/Dec/2009:13:01:08 +0000] "GET /README HTTP/1.1" 404 283 "-" "Morfeus strikes again."
12/20/09 @ 11:38
MiDoX
Blocking UA and IP'S is nonsense Both can be faked Just be sure that the files scanned for don't exists on your server(or in case you want to play with the kids you could create the files with nice js scripts like The Love You virus etc.) but why wasting your time with this ?? just secure your servers and watch your logs on 200 status codes The 200 Status tells me that somebody received the file he asked for!!
11/23/09 @ 11:21
Brandon
You should use virtualbox becuase I know for a fact that virtual pc 2007 doesn't support Ubnuntu or any type of linux. I have tried doing this and I couldn't even get it to install. So guess you could say that you were lucky getting that far. Also virtualbox runs in OSX so you at least don't have to pay for a program like Parallels. Hope this gives ya some thoughts.
11/20/09 @ 15:46