[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

18 Jul 2010

Interesting scanner

I know I'm probably the only one on this island who thinks this is interesting, but nevertheless...

It's normal for the web server to get scanned by other "inquisitive" people/machines/bots, but this tool looks pretty interesting...  Will dig deeper into this later.

The scanners typically try to detect whether I'm running certain vulnerable versions of web apps for them to exploit.  So when the web app does not exist, guess what happens? ;)

This particular scan was interesting, because of the user agent field.  Check it out:

200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /roundcubemail-0.1//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /wm//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /webmail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /webmail2//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /rms//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /mail2//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /mail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:04 +0800] "GET /mss2//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:04 +0800] "GET /rc//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"

If anyone knows more about this particular scanner, feel free to comment and share!

Edit (19 Jul): it seems that I've joined the ranks of those who've been scanned one way or another.  Apparently it is in Romanian, meaning "All my love for the devil".
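The pattern in that excerpt (one client asking for the same file name under a dozen guessed directory prefixes, every one a 404, all within a couple of seconds) is easy to pick out of an access log automatically. The following is an added example and not part of the original post: a small Python detector for Apache combined-format lines, run over a constructed sample modelled on the excerpt above (same source IP and User-Agent, plus one benign request from another client).

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample modelled on the post's excerpt (same source IP and User-Agent),
# plus one ordinary request from another client that the rule should ignore.
SAMPLE_LOG = """\
200.6.121.56 - - [17/Jul/2010:14:51:04 +0800] "GET /rc//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:04 +0800] "GET /mss2//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /mail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:05 +0800] "GET /roundcubemail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
200.6.121.56 - - [17/Jul/2010:14:51:06 +0800] "GET /webmail//bin/msgimport HTTP/1.1" 404 136 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [17/Jul/2010:14:52:10 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed)"
"""

def parse(line):
    """Return the fields of one combined-format line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_path_probes(log_text, min_prefixes=3):
    """Flag clients that requested the same file name under several different
    directory prefixes and got 404 every time: the signature of a scanner
    guessing where a web app (here Roundcube's bin/msgimport) is installed."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            by_client[(rec["ip"], rec["ua"])].append(rec)
    findings = []
    for (ip, ua), recs in by_client.items():
        # Bucket this client's 404s by the final path component it was hunting for.
        by_target = defaultdict(list)
        for r in recs:
            if r["status"] == "404":
                by_target[r["path"].rstrip("/").rsplit("/", 1)[-1]].append(r)
        for target, hits in by_target.items():
            paths = {h["path"] for h in hits}
            if len(paths) >= min_prefixes:
                times = [datetime.strptime(h["time"], "%d/%b/%Y:%H:%M:%S %z") for h in hits]
                findings.append({"ip": ip, "ua": ua, "target": target, "prefixes": len(paths),
                                 "span_seconds": int((max(times) - min(times)).total_seconds())})
    return findings
```

On real logs, feed the function the whole access log and raise the `min_prefixes` threshold to taste; the User-Agent in each finding is what lets you recognise the same tool the next time it shows up.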

14 Jul 2010

More automation needed

Although I've managed to configure the server such that there's a fair amount of automation for appropriate tasks (phone homes, automated monitoring and basic defenses), the time needed daily to monitor/maintain it still adds up...and is unreasonable collectively.

Looks like I'll have to look into further automating some of the tasks...

21 May 2010

Metasploitable!

Metasploit now has a utility to allow people to practise pentesting in a controlled environment.  It's termed "Metasploitable", which I'm guessing is because it is "pwnable" ;)

It's basically an Ubuntu 8.04 server on a VMware 6.5 image, running plenty of old and vulnerable services.  Yummy!

It is available to Metasploit Express customers from the Customer Center, and for the rest of us peeps, it's freely available for download via BitTorrent (a bit slow, but I'll try to seed this for as long as possible once I've managed to get it entirely).

More info at the blog post.

[via Metasploit Blog]