Bots threatening CMS with unpatched PHP weaknesses!

Recent example for Drupalgeddon2 & Drupalgeddon3 →
Associated URL: hxxp://54.39.23.28/1sh
For the 1sh issue read: https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/850232/
https://www.webiron.com/file_lookup/2837661bd35755340f4677d8748cf297
You could see there, among others, settings_auto.php being exploited,
see: https://github.com/04x/ICG-AutoExploiterBoT/blob/master/AutoExploit.py

It is very important for all admins and users to fully patch and update their website CMS software, themes and plug-ins.
This process is known as Safeguarding.
Sharing a simple scanner for personal use: https://github.com/0x4148/Drupalgeddon2_scanner

polonus (volunteer website security analyst and website error-hunter)

To just explain why PHP-based CMS websites remain a vulnerability as such, effectively when we see info proliferation
of webserver info - like Apache/2.0.55 Ubuntu mod_ldap_userdir/1.1.11 PHP/4.4.2-1.1 mod_vhost_ldap/1.0.0; now given as Apache 2.2.11
Unix, website has jQuery 1.6.2, PHP 4.4.9 - network

hxtp://www.zveno.com
Netblock Owner: iiNet Limited
Domain: zveno.com
Nameserver: -ns2.iinethosting.net.au
IP address: 202.72.184.18
DNS admin: pfarmer@iinet.net.au
IPv6 address: Not Present
Reverse DNS: -parking.westnethosting.com.au
Domain registrar: distributeit.com.au
Nameserver organisation: unknown
Organisation: Peter Farmer, 24 Cowper Rd, Sorrento, 6020, Australia
Hosting company: TPG Internet
Top Level Domain: Commercial entities (.com)
DNS Security Extensions: unknown
Info from Netcraft report: no x-content-type-options header, no x-xss-protection header, no x-frame-options, no CSP, no cache-control. Reversed address: -parking.webnethosting.com.au

See: https://urlscan.io/result/aa090380-fb74-48f4-b9b3-ea59d1a0584b/

IP address 202.72.184.18 where we get more info via -http://members.iinet.au/~pfarmer
where normally that host cannot be resolved - however extra links, - books on XML:
htxp://www.amazon.com/exec/obidos/ASIN/0764547607/zvenoxmlspecial
-htxp://images.amazon.com/images/P/0764547607.01.TZZZZZZZ.jpg
-htxp://www.amazon.com/exec/obidos/ASIN/0764547771/zvenoxmlspecial
htxp://images.amazon.com/images/P/0764547771.01.TZZZZZZZ.jpg
htxp://www.amazon.com/exec/obidos/ASIN/1565925807/zvenoxmlspecial 1
htxp://images.amazon.com/images/P/1565925807.01.TZZZZZZZ.jpg 1
htxp://www.amazon.com/exec/obidos/ASIN/1884777872/zvenoxmlspecial 1
htxp://images.amazon.com/images/P/1884777872.01.TZZZZZZZ.jpg 1

WESTNET-AS-AP Westnet Internet Services could do a better job of hiding such links from scans.

IP has been reported for PHISHING 10 times, and -zveno.com, seen 6 times in the last 30 days.

polonus (volunteer website security analyst and website error-hunter)
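
An added example, not part of the original posts: a small audit an admin can run against their own site's response head to find the two weaknesses described above, namely version strings leaked in the server banner and the absent security headers. The function names are hypothetical, and the sample response is constructed from the banner quoted in the post.

```python
import re

# Response headers the post reports as absent on the scanned site.
EXPECTED = ["x-content-type-options", "x-xss-protection", "x-frame-options",
            "content-security-policy", "cache-control"]

# Matches product/version tokens such as "PHP/4.4.2-1.1" or "Apache/2.0.55".
TOKEN = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.-]*)")


def disclosed_versions(headers):
    """Return {product: version} leaked through Server / X-Powered-By."""
    found = {}
    for name in ("server", "x-powered-by"):
        for product, version in TOKEN.findall(headers.get(name, "")):
            found[product] = version
    return found


def missing_headers(headers):
    """Return the expected security headers that the response lacks."""
    return [h for h in EXPECTED if h not in headers]


def audit(raw_response_head):
    """Parse a raw HTTP response head and report both findings."""
    headers = {}
    for line in raw_response_head.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"disclosed": disclosed_versions(headers),
            "missing": missing_headers(headers)}


# Constructed sample: banner string as quoted in the post, no security headers.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.0.55 Ubuntu mod_ldap_userdir/1.1.11 "
    "PHP/4.4.2-1.1 mod_vhost_ldap/1.0.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    report = audit(SAMPLE)
    for product, version in report["disclosed"].items():
        print(f"banner discloses {product} {version}")
    for header in report["missing"]:
        print(f"missing header: {header}")
```

A response that sends a bare `Server: Apache` banner and sets all five headers produces an empty report.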