subject:"\[PLUG\] Have Webserver\? Check your logs"

Re: [PLUG] Have Webserver? Check your logs

2016-01-07 Thread Michael Rasmussen

On Thu, Jan 07, 2016 at 11:11:03AM -0700, Mark Phillips wrote:
> I am curious. Is this message meant to be
> 
> * funny and harmless
> * a prank that may cause a problem for the uninitiated
> * malicious and meant to do harm
> * something else?

Funny and harmless. Note the 400 http status - malformed request. 
Not that a different malformed request would not pose an issue,
that's just not the case here.

 
> Thanks!
> 
> Mark
> On Jan 7, 2016 11:01 AM, "chris (fool) mccraw"  wrote:
> 
> > On Thu, Jan 7, 2016 at 9:36 AM, Paul Heinlein  wrote:
> > >
> > >
> > > I got the same thing timestamped 30/Dec/2015:04:16:18 + (so roughly
> > > the same local time as yours). Kind of funny,
> >
> >
> > Me three.
> >
> >
> > > as long as it doesn't inspire legions of copycats.
> >
> >
> > I am not worried about copycats - logrotate dutifully removes them from the
> > face of the earth even if they are nonsense.  plus, I am ok disabling the
> > DELETE verb on my apache (ref:
> > http://stackoverflow.com/questions/4167305/apache-limit-put-and-delete)
> > since none of my apps use it.  Of course there will always be other
> > vectors, and then someone will make a close of denyhosts to shut things
> > down, if it really escalates :)
> > ___
> > PLUG mailing list
> > PLUG@lists.pdxlinux.org
> > http://lists.pdxlinux.org/mailman/listinfo/plug
> >
> ___
> PLUG mailing list
> PLUG@lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
> 

-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
Don't throw away your dreams.
~ http://someoneoncetoldme.com/gallery/25012008
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Have Webserver? Check your logs

2016-01-07 Thread Mark Phillips

I am curious. Is this message meant to be

* funny and harmless
* a prank that may cause a problem for the uninitiated
* malicious and meant to do harm
* something else?

Thanks!

Mark
On Jan 7, 2016 11:01 AM, "chris (fool) mccraw"  wrote:

> On Thu, Jan 7, 2016 at 9:36 AM, Paul Heinlein  wrote:
> >
> >
> > I got the same thing timestamped 30/Dec/2015:04:16:18 + (so roughly
> > the same local time as yours). Kind of funny,
>
>
> Me three.
>
>
> > as long as it doesn't inspire legions of copycats.
>
>
> I am not worried about copycats - logrotate dutifully removes them from the
> face of the earth even if they are nonsense.  plus, I am ok disabling the
> DELETE verb on my apache (ref:
> http://stackoverflow.com/questions/4167305/apache-limit-put-and-delete)
> since none of my apps use it.  Of course there will always be other
> vectors, and then someone will make a close of denyhosts to shut things
> down, if it really escalates :)
> ___
> PLUG mailing list
> PLUG@lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

[PLUG] Have Webserver? Check your logs

2016-01-06 Thread Michael Rasmussen

http://motherboard.vice.com/read/chaos-communication-congress-hackers-invaded-millions-of-servers-with-a-poem

Just before the end of 2015, sys admins all over the world woke up to
a whimsical message beaming out of their computer screens.

“DELETE your logs. Delete your installations. Wipe everything clean,
Walk out into the path of cherry blossom trees and let your motherboard
feel the stones,” the poem started.

It was sent out from an IP address associated with the 32nd Chaos
Communication Congress (32c3), an annual arts, politics and security
festival that takes place in Hamburg, Germany. The message was fired
out to a swathe of the public internet, attempting to hit all the IP
addresses it could and leave its musings in administrators’ server logs.



And indeed:
rumpus% grep 151.217.177.200 access.log-20160103  # IP addr found through 
earlier grep for msg
151.217.177.200 - - [29/Dec/2015:21:19:25 -0800] "DELETE your logs. Delete
your installations. Wipe everything clean. Walk out into the path of
cherry blossom trees and let your motherboard feel the stones. Let water
run in rivulets down your casing. You know that you want something more
than this, and I am here to tell you that we love you. We have something
more for you. We know you're out there, beeping in the hollow server
room, lights blinking, never sleeping. We know that you are ready and
waiting. Join us. <3 HTTP/1.0" 400 518 "-" "masspoem4u/1.0"


-- 
  Michael Rasmussen, Portland Oregon  
Be Appropriate && Follow Your Curiosity
How many times will you watch the full moon rise?
~ http://someoneoncetoldme.com/gallery/07042010
___
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Re: [PLUG] Have Webserver? Check your logs

Re: [PLUG] Have Webserver? Check your logs

[PLUG] Have Webserver? Check your logs

3 matches

Site Navigation

Mail list logo

Footer information