Fuckin wid da script kiddies..

I noticed, some time ago, that someone had searched for "c99.php" here at corz.org. You can view recent searches at the foot of corzoogle's results. I immediately recognized this script from the umpteen copies that have landed in my uploads folder over the years [1]. Ahh.. Script Kiddies!

By sheer coincidence (I'm using "coincidence" as a technical term, of course; there is no such thing) the GoogleBot happened to pass by corzoogle at this exact time, and before long, that link was appearing in Google results for c99.php, which led them to another search here for c99.php, and so on.

That's right! These guys have so little skill that they search for existing shell scripts, things careless webmasters might leave around, and so on - bottom feeders, basically. The only problem is, I don't have a copy of c99.php running on-site, never have [2].

So I thought to myself.. Why not add one!

So that's exactly what I did, or, at least, that's what it looks like I did. This is my idea of a practical joke..

At first, it was a simple HTML mock-up, plucked from a regular browser rendering of a real copy of c99.php running on Oshi, my trusty local Linux laptop. I put one simple PHP command inside which, on receiving a GET request (i.e. someone tried to DO something [3]), inserts a big red header, which reads..

Yeah Rrright! Hahaha!!!


Right at the top. In HUGE red letters. And no matter how many widgets and controls you try, that's all you get. There's no actual code there, aside from the big red header; it's plain HTML. Once you get the message, it's obvious! But does that stop these nitwits trying to get it to do something, over and over and over again? NO!

Oblivious to the HUGE RED lettering, these fools would load the page a dozen times, convinced that they would get to "hack a web site" and, at last, be heroes among their peers. Eventually, of course, their attention span gets the better of them, and they move on to the next potentially easy target.

In fact, the page did so well at the search engines, and the link amazingly found its way into so many so-called "Hacker" forums, that I had to start considering the impact on server resources!

But it's a great gag, so instead of removing it, I replaced the title with a FAR more obvious PARAGRAPH, outlining the entire joke, and how it was on them, and how what the script really does is send their IP address to their ISP's "responsible person", notifying them of their user's abusive behaviour. This is a second joke! Remember, aside from the header, there is no code! It's plain old HTML!

And, I'm laughing as I type this, now, of course, no one tries the controls any more than once, right? Wrong! They still try and get it to DO something, sometimes over and over and over again. I get a kick every time I log in to my admin page. I must be easily amused.
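How those repeat attempts could be tallied from the web server's access log, as an added example (not code from this site). The decoy path, the combined log format and the sample lines are all assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the decoy lives at this path; the post does not give its URL.
DECOY_PATH = "/c99.php"

# Assumption: Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} '
)

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2017:10:00:01 +0000] "GET /c99.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Mar/2017:10:00:09 +0000] "GET /c99.php?widget=files HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Mar/2017:10:00:15 +0000] "GET /c99.php?widget=files HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Mar/2017:10:00:31 +0000] "GET /c99.php?widget=tools&go=1 HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Mar/2017:10:01:02 +0000] "GET /c99.php?widget=passwd HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2017:11:20:00 +0000] "GET /c99.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2017:11:20:12 +0000] "GET /c99.php?widget=files HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2017:11:21:40 +0000] "-" 408 0 "-" "-"
203.0.113.5 - - [01/Mar/2017:12:00:00 +0000] "GET /index.php?q=c99.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def tally_decoy_hits(lines):
    """Return {client: {"views": n, "attempts": m}} for requests to the decoy."""
    tally = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated request line
        target = urlsplit(m.group("target"))
        if target.path != DECOY_PATH:
            continue  # mentions of the name elsewhere are not decoy hits
        entry = tally.setdefault(m.group("client"), {"views": 0, "attempts": 0})
        # Every form in the mock-up submits via GET, so using any control
        # shows up as a non-empty query string; a bare load is only a view.
        if target.query:
            entry["attempts"] += 1
        else:
            entry["views"] += 1
    return tally

def repeat_visitors(tally, min_attempts=3):
    """Clients that kept working the controls, most persistent first."""
    hits = [(c, e["attempts"]) for c, e in tally.items() if e["attempts"] >= min_attempts]
    return sorted(hits, key=lambda pair: (-pair[1], pair[0]))
```
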

for now..

;o) Cor

references:
1. "c99" is a fairly useful shell script, allowing you to control a website from the web. Almost total control, in fact. Of course, no sane web master would ever have a copy running somewhere that someone else could get to it. So-called web hackers try and upload this script to unsuspecting web sites, and then log in to it, and do all sorts of nefarious things, post pictures of their penis, and so on. I get around a half dozen variants of this script in my uploads folder every day, though of course, my clever upload script adds a .txt extension, rendering them harmless.

2. corzoogle for "ungabungaboogiebaby"; and for a short while, that link exists, at the foot of all corzoogle results; but it still doesn't mean anything. Also, you'll get no hits! Well, okay, NOW you will!

3. I switched all POST forms to GET, to simplify things. Previously they were mixed - basically, do *anything*, and you get the joke. Or not; if you're thick.

4. If you've never seen c99, feel free to check out mine. Note the use of an enticing password file and fictional tools! But remember, it doesn't DO anything!
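The ".txt" trick from reference 1, sketched in Python as an added example (this is not the site's upload script, which isn't shown here). The function name, the token prefix and the 64-character limit are assumptions; it goes one step further than appending ".txt" by flattening the dots in the original name.

```python
import re
import secrets

# Characters kept in the stored name; everything else, dots included, becomes "_".
_UNSAFE = re.compile(r"[^A-Za-z0-9_-]")

def stored_name(client_filename, token=None):
    """Map an untrusted upload filename to a name the web server treats as text.

    Appending ".txt" alone leaves "shell.php.txt" with two extensions. Apache's
    mod_mime considers every extension of a file, so a server configured with
    an AddHandler mapping for .php can still hand that file to PHP. Flattening
    the inner dots leaves ".txt" as the only extension.
    """
    # Keep only the last path component (either separator) and drop NUL bytes.
    base = client_filename.replace("\\", "/").split("/")[-1].replace("\x00", "")
    flat = _UNSAFE.sub("_", base).strip("_")[:64] or "upload"
    # A random prefix stops one upload from overwriting another of the same name.
    token = token or secrets.token_hex(4)
    return f"{token}-{flat}.txt"
```

Storing uploads outside the web root, or in a directory where the server has no script handlers at all, makes the stored name matter much less.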

Question and ---

Google: "slackware 11" deluge package

THE most annoying thing about this kind of search result, is the lack of a "NO!" button, right next to where it says "Did you mean: Blah Blah Blah".

I'm human, after all.

Oh, and if anyone has such a package, let me know! For that old laptop of mine, 11 is as far as I can go [1].

for now..

;o) Cor

references:
1. At least, as far as it can go without some serious geekery, which I'm not up for at the moment. At any rate, Slack 11 is superb, and there are always deluge (and dependency) source packages I can set to compile, overnight or something. It's an old Toshiba Pentium 133, you see; I've probably mentioned "Oshi" before - perhaps the most reliable computer I've owned, at least since I retired my BBC Micro, long, long ago.

It happily runs Apache, with all my dev mirrors, sendmail, ftp server, the works; even a nice KDE desktop to lift the lid for, once in a blue moon; and does it all at a very respectable speed; unless I'm compiling something from source, that is.

 ©  2017 « corz.org » 17.2.27  
