Posted on

16-Apr-2007

Missing layout
for the blog. It came up with the default this morning. It could easily be repared but it shouldn’t happen in the first place. There must have been a glitch again in the PHP engine, it ahppens once in a while. something to ask on the bootcamp: When will there be a new (more up-to-date) PHP-engine?
Web redesign
is progessing slow – It tunred out I have the original pictures of a few days of 2003’s holiday, and what’s available needs to be redone to keep size as big as possible – near original. So that won’t happen for every day. Pity – but that’s life.
For 2004, 2005 and 2006 all pictures are available – and quite likely, I don’t have to do a lot for these.
Bootcamp ahead
I’m thinking of creating either a blog or forum for the bootcamp – I tried Phorum, as used by OpenVMS.org, but that would require MySQL 4.3, and the current version on VMS is 4.1 (I still haven’t located 5.0…), I have run it on a XPAMP machine and it looks good – there is much less available for it, some plugins and some about the view – but none that I really like. I could try WordPress 2.1 for that…
Stay tuned….

Posted on

Busy day

as the log shows for April 10th: two kiddies running scripts agains the webserver:
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET //README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde2//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde3//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.5//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.6//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:07 +0100] "GET /horde-3.0.7//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /horde-3.0.8//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /horde-3.0.9//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /email//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /webmail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /newmail//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mails//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:09:54:08 +0100] "GET /mailz//README HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET //chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpchat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /PhpMyChat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chatroom//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /chats//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /forum//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /php/phpmychat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat-0.14.2//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat-0.14.5//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:08 +0100] "GET /phpMyChat//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /phpMyChat-0.14.3//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /phpMyChat-0.14.4//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat1//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat2//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /chat3//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:02:09 +0100] "GET /community//chat/messagesL.php3 HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:25 +0100] "GET /cacti//graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:25 +0100] "GET /stats//graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:04:26 +0100] "GET //graph_image.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlrpc/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:09:59 +0100] "GET //blog/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //drupal/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //community/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogs/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogs/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blog/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //b2/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //wordpress/xmlrpc.php HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:10:00 +0100] "GET //phpgroupware/xmlrpc.php HTTP/1.1" 302 360

A new log needed to be loaded, it seems, because it was quiet for 6 minuets, and than:
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //cgi-bin/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //scgi-bin/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //cgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:18 +0100] "GET //scgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scripts/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi-bin/awstats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //cgi-bin/stats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //scgi-bin/stats/awstats.pl HTTP/1.1" 302 360
217.115.141.165 - - [10/Apr/2007:10:16:19 +0100] "GET //stats/awstats.pl HTTP/1.1" 302 360
Just a few hours later, number two tried his script:
209.85.66.40 - - [10/Apr/2007:14:38:31 +0100] "GET /a1b2c3d4e5f6g7h8i9/nonexistentfile.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /adserver/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /phpAdsNew/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:32 +0100] "GET /phpadsnew/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /phpads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /Ads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:33 +0100] "GET /ads/adxmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlrpc/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /xmlsrv/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:34 +0100] "GET /blog/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /drupal/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /community/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:35 +0100] "GET /blogs/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:36 +0100] "GET /blogs/xmlsrv/xmlrpc.php HTTP/1.0" 404 868
209.85.66.40 - - [10/Apr/2007:14:38:36 +0100] "GET /blog/xmlsrv/xmlrpc.php HTTP/1.0" 404 868
and what about:

217.199.186.146 - - [10/Apr/2007:18:36:24 +0100] "GET /guppy/ HTTP/1.0" 404 868
59.117.140.22 - - [10/Apr/2007:20:13:40 +0100] "GET http://www.scanproxy.com:80/p-80.html HTTP/1.0" 403 864
213.193.214.44 - - [11/Apr/2007:09:00:49 +0100] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 893
(The latter shows up more often from different IP addresses).

I’ll need to enhance the scanning-script a bit to remover references now showing up that i know are legal.