Hi there,
I studied the mambo attack for a while!
The big problem with the source the attackers use is that
one hacker can hack a site from another hacker using the
same scripts!
i.e. if I successfully compromise a site and it is under my
control, another attacker would be able to take control of
that host when the same script is executed by the other
attacker. Thus, it makes it a cat and mouse game of who owns
that system for a short period of time!
Once a few sites have been hacked the attackers connect to
the irc server and connect as one of the administrators.
(The names of these can be found in the scripts they use)
Then they use those hacked hosts to DoS (UDP Flood) targets
of their choice.
Anyone can connect to these irc servers as there are
normally no authentication or security on these servers.
Once connected to the server you can change your nick to one
of the admins (one that is not connected at the moment) and
execute a DoS on a target if you know the commands the irc
server accepts.
The DoS command I got hold of is
!say udpflood ip_address packet_size time_in_seconds
Then there is another command that will tell the hacked
systems to search google for vulnerable hosts and exploit
those holes if vulnerable!
I have large logfiles with information in them pertaining to
this attack method.
All attacks were blocked with mod_security though!
Thanks
Lohan