Missing layout
for the blog. It came up with the default this morning. It could easily be repared but it shouldn’t happen in the first place. There must have been a glitch again in the PHP engine, it ahppens once in a while. something to ask on the bootcamp: When will there be a new (more up-to-date) PHP-engine?
Web redesign
is progessing slow – It tunred out I have the original pictures of a few days of 2003’s holiday, and what’s available needs to be redone to keep size as big as possible – near original. So that won’t happen for every day. Pity – but that’s life.
For 2004, 2005 and 2006 all pictures are available – and quite likely, I don’t have to do a lot for these.
Bootcamp ahead
I’m thinking of creating either a blog or forum for the bootcamp – I tried Phorum, as used by OpenVMS.org, but that would require MySQL 4.3, and the current version on VMS is 4.1 (I still haven’t located 5.0…), I have run it on a XPAMP machine and it looks good – there is much less available for it, some plugins and some about the view – but none that I really like. I could try WordPress 2.1 for that…
Stay tuned….
Busy day
as the log shows for April 10th: two kiddies running scripts agains the webserver:
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET //README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde2//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde3//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.5//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.6//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.7//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /horde-3.0.8//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /horde-3.0.9//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /email//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /webmail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /newmail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mails//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mailz//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET //chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpchat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /PhpMyChat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chatroom//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chats//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /forum//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /php/phpmychat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat-0.14.2//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat-0.14.5//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /phpMyChat-0.14.3//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /phpMyChat-0.14.4//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat1//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat2//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat3//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /community//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:25 +0100] "GET /cacti//graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:25 +0100] "GET /stats//graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:26 +0100] "GET //graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlrpc/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //blog/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //drupal/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //community/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogs/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogs/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blog/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //b2/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //wordpress/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //phpgroupware/xmlrpc.php HTTP/1.1" 302 360
A new log needed to be loaded, it seems, because it was quiet for 6 minuets, and than:
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //cgi-bin/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //scgi-bin/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //cgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //scgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scripts/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi-bin/stats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi-bin/stats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //stats/awstats.pl HTTP/1.1" 302 360
Just a few hours later, number two tried his script:
209.85.66.40 - - [10/Apr/2007:14:38:31 +0100] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /adserver/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /phpads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /Ads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /ads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlrpc/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlsrv/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /blog/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /drupal/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /community/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /blogs/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:36 +0100] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:36 +0100] "GET /blog/xmlsrv/xmlrpc.php HTTP/1.0" 404 868
and what about:
217.199.186.146 - - [10/Apr/2007:18:36:24 +0100] "GET /guppy/ HTTP/1.0" 404 868
59.117.140.22 - - [10/Apr/2007:20:13:40 +0100] "GET http://www.scanproxy.com:80/p-80.html HTTP/1.0" 403 864
213.193.214.44 - - [11/Apr/2007:09:00:49 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 893
(The latter shows up more often from different IP addresses).
I’ll need to enhance the scanning-script a bit to remover references now showing up that i know are legal.