So, I come on to check some of my stats today on one of my blogs and what do you know, I see a user agent called “Morfeus Fucking Scanner“. Of course this caught my attention so I did a little research on it.

The bot seems to be a PHP vulnerability scanner for a not very well known exploit. “Morfeus Fucking Scanner” attempted to access the directory “/user/soapCaller.bs“. If you do an inurl:soapCaller.bs in Google you will see that there are only 2-3 results. To me it looks like this script is an open source software that is not very well known.

According to several people you can add the following code below to your .htaccess file to prevent this bot from doing anything in the future. Even though I do recommend adding this to your .htaccess file, I don’t believe its really needed as the “soapCaller.bs” seems to not be used by any popular software.

# Start of .htaccess change.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Morfeus
RewriteRule ^.*$ - [F]
# End of .htaccess change.

If I come across any updates regarding the “Morfeus Fucking Scanner” User Agent I will update this post.