I recently setup a new server, and one hour after I downloaded the latest php distribution, I start to get attacks on the site. Those attacks were at php itself.

From the logs it looks like a classic stack overflow attack, especially the one that pulls a gif - Pull the gif, cd into /tmp, download a file and run it. Subtle…

It looks to me that someone is scanning the access logs from the php distribution sites. Unfortunately I can't remember which one I pulled it from…