Re: [PLUG] Have Webserver? Check your logs
On Thu, Jan 07, 2016 at 11:11:03AM -0700, Mark Phillips wrote: > I am curious. Is this message meant to be > > * funny and harmless > * a prank that may cause a problem for the uninitiated > * malicious and meant to do harm > * something else? Funny and harmless. Note the 400 http status - malformed request. Not that a different malformed request would not pose an issue, that's just not the case here. > Thanks! > > Mark > On Jan 7, 2016 11:01 AM, "chris (fool) mccraw"wrote: > > > On Thu, Jan 7, 2016 at 9:36 AM, Paul Heinlein wrote: > > > > > > > > > I got the same thing timestamped 30/Dec/2015:04:16:18 + (so roughly > > > the same local time as yours). Kind of funny, > > > > > > Me three. > > > > > > > as long as it doesn't inspire legions of copycats. > > > > > > I am not worried about copycats - logrotate dutifully removes them from the > > face of the earth even if they are nonsense. plus, I am ok disabling the > > DELETE verb on my apache (ref: > > http://stackoverflow.com/questions/4167305/apache-limit-put-and-delete) > > since none of my apps use it. Of course there will always be other > > vectors, and then someone will make a close of denyhosts to shut things > > down, if it really escalates :) > > ___ > > PLUG mailing list > > PLUG@lists.pdxlinux.org > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > -- Michael Rasmussen, Portland Oregon Be Appropriate && Follow Your Curiosity Don't throw away your dreams. ~ http://someoneoncetoldme.com/gallery/25012008 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] Have Webserver? Check your logs
I am curious. Is this message meant to be * funny and harmless * a prank that may cause a problem for the uninitiated * malicious and meant to do harm * something else? Thanks! Mark On Jan 7, 2016 11:01 AM, "chris (fool) mccraw"wrote: > On Thu, Jan 7, 2016 at 9:36 AM, Paul Heinlein wrote: > > > > > > I got the same thing timestamped 30/Dec/2015:04:16:18 + (so roughly > > the same local time as yours). Kind of funny, > > > Me three. > > > > as long as it doesn't inspire legions of copycats. > > > I am not worried about copycats - logrotate dutifully removes them from the > face of the earth even if they are nonsense. plus, I am ok disabling the > DELETE verb on my apache (ref: > http://stackoverflow.com/questions/4167305/apache-limit-put-and-delete) > since none of my apps use it. Of course there will always be other > vectors, and then someone will make a close of denyhosts to shut things > down, if it really escalates :) > ___ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] Have Webserver? Check your logs
http://motherboard.vice.com/read/chaos-communication-congress-hackers-invaded-millions-of-servers-with-a-poem Just before the end of 2015, sys admins all over the world woke up to a whimsical message beaming out of their computer screens. “DELETE your logs. Delete your installations. Wipe everything clean, Walk out into the path of cherry blossom trees and let your motherboard feel the stones,” the poem started. It was sent out from an IP address associated with the 32nd Chaos Communication Congress (32c3), an annual arts, politics and security festival that takes place in Hamburg, Germany. The message was fired out to a swathe of the public internet, attempting to hit all the IP addresses it could and leave its musings in administrators’ server logs. And indeed: rumpus% grep 151.217.177.200 access.log-20160103 # IP addr found through earlier grep for msg 151.217.177.200 - - [29/Dec/2015:21:19:25 -0800] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 518 "-" "masspoem4u/1.0" -- Michael Rasmussen, Portland Oregon Be Appropriate && Follow Your Curiosity How many times will you watch the full moon rise? ~ http://someoneoncetoldme.com/gallery/07042010 ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug