Posted on January 6, 2016 by CELO NET
30 Million Web Server Logs Invaded with Poetry
[bold]Unknown “hackers” sent out a mass message containing a piece of poetry to all Web servers on the Internet, of which over 30 million acknowledged and then logged the message.[/bold]
The mass broadcast was sent out on December 30 from an IPv4 address in Hamburg, Germany. Webmasters that noticed the message dug around and found out that the address was temporarily assigned, only for the month of December, to the hosts of the 32nd Chaos Communication Congress, a renowned security conference.
In an email exchange with Vice, the hackers behind this message, going under the name of Masspoem4u, said they did it only for fun, and it was never meant to be intrusive.
The group admitted to being fans of the Chaos Communication Congress and said they used a tool launched at last year’s conference (MASSSCAN) to broadcast their poem.
[bold]Just a one-time thing, don’t expect poetry in your HTTP logs each Monday[/bold]
MASSSCAN, an Internet port scanner, allowed the Masspoem4u group to create a list of all IPv4 addresses that had the 80 port open (a classic Web server). They then created a custom HTTP packet containing their poem and then sent one to each server on their list.
Very few Web server admins noticed the log entry on their own, before being alerted via Twitter. Most sysadmins had a positive reaction. The full message is as follows:
“DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you’re out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us.”
Nex ~ Claudio @botherder
I woke up this morning and found this lovely message from a CCC IP address in my server logs.
Jordan Bowman @jordancbowman
Found an interesting HTTP request in my Apache logs today… #masspoem4u
Dixie Flatline @meursalt
One of my customers got the #CCC #masspoem4u 🙂