Fuckin wid da script kiddies..I noticed, some time ago, that someone had searched for "c99.php" here at corz.org. You can view recent searches at the foot of corzoogle's results. I immediately recognized this script from the umpteen copies that have landed in my uploads folder over the years.1 Ahh.. Script Kiddies!
By sheer coincidence (I'm using "coincidence" as a technical term, of course; there is no such thing) the GoogleBot happened to pass by corzoogle at this exact time, and before long, that link was appearing in Google results for c99.php, which led them to another search here for c99.php, and so on.
that's right! These guys have so little skill that they search for existing shell scripts, things careless webmaster might leave around, and so on - bottom feeders, basically. The only problem is, I don't have a copy of c99.php running on-site, never have2.
So I thought to myself.. Why not add one!
So that's exactly what I did, or, at least, that's what it looks like I did. This is my idea of a practical joke..
At first, it was a simple HTML mock-up, plucked from a regular browser rendering of a real copy of c99.php running on Oshi, my trusty local Linux laptop. I put one simple php command inside, which; on receiving a GET command (i.e. someone tried to DO something3); inserts a big red header, which reads..
Yeah Rrright! Hahaha!!!
Right at the top. In HUGE red letters. And no matter how many widgets and controls you try, that's all you get, There's no actual code there, aside from the big red header; it's plain HTML. Once you get the message, it's obvious! But does that stop these nitwits trying to get it to do something, over and over and over again? NO!
Oblivious to the HUGE RED lettering, these fools would load the page a dozen times, convinced that they would get to "hack a web site", at last, be heroes among their peers. Eventually, of course, their attention span gets the better of them, and they move on to the next potentially easy target.
In fact, the page did so well at the search engines, and the link amazingly found its way into so many so-called "Hacker" forums, that I had to start considering the impact on server resources!
But it's a great gag, so instead of removing it, I replaced the title with a FAR more obvious PARAGRAPH, outlining the entire joke, and how it was on them, and how what the script really does, is send their IP address to their ISP's "responsible person", notifying them of their user's abusive behaviour. This is a second joke! Remember, aside from the header, there is no code! it's plain old HTML!
And, I'm laughing as I type this, now, of course, no one tries the controls any more than once, right? Wrong! They still try and get it do DO something, sometimes over and over and over again. I get a kick every time login to my admin page. I must be easily amused.
2. corzoogle for "ungabungaboogiebaby"; and for a short while, that link exists, at the foot of all corzoogle results; but it still doesn't mean anything. Also, you'll get no hits! Well, okay, NOW you will!
3. I switched all POST forms to GET, to simplify things. Previously they were mixed - basically, do *anything*, and you get the joke. Or not; if you're thick.
4. If you've never seen c99, feel free to check out mine. Note the use of enticing password file and fictional tools! But remember, it doesn't DO anything!