Finally, I have found an answer to my previous question. The security scanner that leave this signature is DFind.

Doh! like Homer Simpson 🙂 The word DFind is into the signature itself!
Anyway searching on Google I can find these URL:

http://heapoverflow.com
http://class101.org

DFind is one of the smallest security scanner tool and knowing the URL, you can download and check if your server can be compromised.

——————————————————————–

Ho scoperto finalmente che è DFind il programma che lascia questa strana stringa nei web server log.L’utility si trova qui:

http://heapoverflow.com
http://class101.org

P.S.: Thanks to Koon Yaw Tan


2 Comments

Mesut Safak DOGAN · January 18, 2007 at 03:55

Helo,

I have some entires on my server’s log file related with DFind but I see that the IP is belongs to Israel.

And please let me know if you get more information about this issue.

elblogg » Blog Archive » w00t? · March 25, 2008 at 13:48

[…] It is safe to assume that this is an attempt to hack me in some way, DFind is appearantly some kind of security scannerref. The same IPs are also bruteforcing some URLs (like /phpmyadmin etc..) looking for somthing fun to poke around with. […]

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *