Is someone trying to brute force my file names? How silly. The correct answer was... index.shtml! Oooh.... better luck next time. The consolation prize is that you look like an idiot:
    68.105.37.41 - - [06/Sep/2004:21:39:41 -0700] "GET /~rsnake/ HTTP/1.1" 200 926 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"
    68.105.37.41 - - [06/Sep/2004:21:40:09 -0700] "GET /~rsnake/ HTTP/1.1" 200 926 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"
    68.105.37.41 - - [06/Sep/2004:21:41:23 -0700] "GET /~rsnake/index.html HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"
    68.105.37.41 - - [06/Sep/2004:21:41:27 -0700] "GET /~rsnake/index.htm HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"
    68.105.37.41 - - [06/Sep/2004:21:41:40 -0700] "GET /~rsnake/index.html HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"
    68.105.37.41 - - [06/Sep/2004:21:41:47 -0700] "GET /~rsnake/main.html HTTP/1.1" 404 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.51 [en]"


I think the sys-admin was on crack that day:
    $ ping steroid
    PING steroid.ecst.csuchico.edu: 64 byte packets
    ----steroid.ecst.csuchico.edu PING Statistics----
    15 packets transmitted, 0 packets received, 100% packet loss
    $ finger -ns
    [jowels]
    finger: bg_fingerd last wrote to its datafile 19 min ago--
    $ last rsnake
    Memory fault
    $ AHHHHHHHHHH!!
    ksh: AHHHHHHHHHH!!: not found


HaXored by FunWebProducts spyware:
    68.201.173.172 - - [06/Sep/2004:17:03:22 -0700] "GET /~rsnake/trillianremote.html HTTP/1.1" 200 11226 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts-MyWay; .NET CLR 1.0.3705)"


#hackphreak newbies:
    <fuct> would it be hard for you guys to do
    <RSnake> bust people for being retarded?
    <fuct> no. get access to that site
    #hackphreak fuct H ~x@bgp01386842bgs.brodwy01.nm.comcast.net (Someone)
    <RSnake> What's the website again?
    <fuct> http://www.mhhe.com/engcs/chemical/mccabe/instructor/sm.mhtml
    <fuct> go to one of the chapters
    <RSnake> mailto:abuse@mhhe.com?Subject=user at bgp01386842bgs.brodwy01.nm.comcast.net at 4:32pst is trying to haX0r you
    RSnake busts one more retarded person.


Someone tried to inject this into one of my CGI scripts. Sorry, buddy, wrong language, and wrong haX0r:
    REMOTE_ADDR = 213.11.58.163
    <?php $log=fopen("index.php","r"); $lect=fread($log,1000); fclose($log); ?>


This one still cracks me up. He must have been tired:
    $ echo "Did it work?" |write yojason
    $ w | grep yojason
    yojason ttyrd 4:34pm 3 yes


Is someone trying to do some XSS against me? Hmmm... buddy, have you even bothered to look at my website? My favorite is the last one... it would help to spell it correctly. ;)
    REMOTE_ADDR = 202.183.177.220
    1. hmmm
    2. <'script'>alert(0)<'/script'>
    3. <script>document.write(document.cookie);</script>
    4. <script'>document.write(document.cookie);</script>
    5. \\><script>document.write(document.cookie);</script>
    6. \\><<script>document.write(document.cookie);</script>
    7. \\><<<script>document.write(document.cookie);</script>
    8. \\><<script'>>document.write(document.cookie);</script>
    9. <'<script'>>document.write(document.cookie);</script>
    10. <'<script'>;document.write(document.cookie);</script>
    11. <'script'>;document.write(document.cookie);</script>
    12. <' script '>;document.write(document.cookie);</script>
    13. < script '>;document.write(document.cookie);</script>
    14. < script >;document.write(document.cookie);</script>
    15. &lt; script >;document.write(document.cookie);</script>
    16. document.write(document.cookie)
    17. <script>
    18. <^M script^M >^M document.wirte(document.cookie);^M </script>


Hmm... I'm on Google's bad guy watch list (I wish I had actually done something worthy of this honor). It also appears they haven't yet figured out how to mask referrers so you get to see what their internal network looks like. They're also using an outdated version of Firefox at the time they looked at my page.


And what about this Google employee... auditing his own code with my site. Guess you have some work to do there. Bummer:


Nice job buddy, next time try hacking other people's sites without leaving logs all over my server. Ugh.


Same with these guys.


Yet another one.


I found this convo on a page linking to mine and thought it was hilarious:
    Austin says:
    http://ha.ckers.org/imagecrash.html
    Ŧŷşon says:
    DO YOU FUCKING THINK THAT WAS FUNNY
    Ŧŷşon says:
    YOUR A CUNT

      Ŧŷşon has left the conversation.

    Austin says:
    ahahaha
    Austin says:
    did ur comp freeze for a while?
    Ŧŷşon says:
    I'M seriously gonna kick ur ass
    Ŧŷşon says:
    It shut my whole fucking comp off
    Austin says:
    AHAHHAHA
    Austin says:
    woot
    Ŧŷşon says:
    Probally deleted my recent torrents
    Austin says:
    maybe
    Ŧŷşon says:
    I'm kicking your ass
    Austin says:
    lol


This is a funny one, I threw up on fthe.net:

Hilarious one from a friend of mine:
    Id: $50 for a Mac mouse? It's only got one button!




Written in vim, W3C valid and UTF-8 encoded, for her pleasure.
All rights reserved, all wrongs observed.
© 2001-2013 RSnake