Previously I wrote a blog post about the ByroeNet/Casper-Like bot scanners, and relate that the most important evolution of these scanners where the integration of e107 RCE (EDB-ID : 12715) and LFI vulnerabilities exploitations. I created a rule to monitor precisely the activity of theses e107 dedicated exploitations.

Here under you can find real time graphs for the e107 RCE vulnerability.

Monthly event activity for rule 1010043

Monthly event activity for rule 1010043

Montly TOP 10 Source IPs for rule 1010043

Montly TOP 10 Source IPs for rule 1010043