Wednesday, December 30, 2015

Chaos Computer Club is leaving funny notes in web server logs UPDATED

Taking care of some web development headaches this morning, I took a peek at my log data and came across an interesting message generated from a connection initiated by 151.217.0.0/16, part of the ASN 13020 that is owned by Berlin's Chaos Computer Club:

151.217.177.200 - - [30/Dec/2015:02:12:11 +0000] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 226 "-" "masspoem4u/1.0"

The good people over at /dev/random appear to have already gotten off a brief post about this oddity, noting that SANS ISC is already noting the traffic.

I'm not sure what this if there is any purpose to this; the request is obviously malformed but I haven't taken a very close look at it yet. For what its worth, CCC has for decades now been home to some very talented hackers and are not the sort of folks that would send out a whole bunch of bad traffic just to be assholes. I'll try to send an email or drop by their IRC and ask what this is all about and update here if I get a response.

###UPDATE 2016-01-13: I emailed the abuse contact for CCC's netblock range and sent a message to all of the CCC Twitter accounts I could find. I haven't received any response. In looking up CCC's contact info I noticed that the appearance of the stupid log haikus coincides somewhat with the 32nd Chaos Computer Club Congress (#32C3). It seems likely that someone released masspoem4u while in attendance.

No comments:

Post a Comment