Yesterday I checked the logs on one of my personal servers and discovered the following:
18.104.22.168 - - [30/Dec/2015:02:54:11 +0000] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you’re out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 2593 "-" "masspoem4u/1.0"
22.214.171.124 - - [30/Dec/2015:02:54:11 +0000] […same…]
A quick bit of research showed the event to be the work of masscan…but recompiled to run as masspoem. It looks to have been a world-wide prank by the CCC; this is what they told VICE:
“We attempted connections to the entire public IPv4 space (excluding private/reserved ranges and other blocks excluded in the default masscan exclude list), meaning that we reached out to almost 4 billion servers (though many of these packets may have been filtered by a firewall before reaching their intended destination),” Masspoem4u said.
The actual number of systems reached would be lower. “There appear to be approximately 55 million servers open to connections on port 80 (the standard port for HTTP),” the group continued — these servers could have recognised the communication being sent. Of those, around 30 million returned “non-empty responses” and therefore “would be likely to have logged our poem.”
We are proud to have been in that “exclusive” 30 million club….
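Entries like the two at the top of this post can be picked out of an access log mechanically: the request field is not a three-token `METHOD target HTTP/x.y` line, and the same text arrives verbatim from more than one address. The following is an added example, not part of the original post; the sample lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent".
# The request field is matched greedily so a payload containing spaces stays whole.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>.*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# A normal request line is exactly three tokens: METHOD target HTTP/x.y
WELL_FORMED = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')

SAMPLE = [  # constructed log lines, shortened payload, documentation addresses
    '192.0.2.10 - - [30/Dec/2015:02:54:11 +0000] "DELETE your logs. Join us. <3 HTTP/1.0" 400 2593 "-" "masspoem4u/1.0"',
    '198.51.100.7 - - [30/Dec/2015:02:54:11 +0000] "DELETE your logs. Join us. <3 HTTP/1.0" 400 2593 "-" "masspoem4u/1.0"',
    '203.0.113.5 - - [30/Dec/2015:03:01:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Dec/2015:03:02:02 +0000] "hello there" 400 226 "-" "-"',
]

def parse(line):
    """Split one combined-format line into named fields, or return None."""
    m = COMBINED.match(line.strip())
    return m.groupdict() if m else None

def is_malformed(request):
    """True when the request field is not METHOD target HTTP/x.y."""
    return WELL_FORMED.match(request) is None

def find_broadcasts(lines, min_sources=2):
    """Group malformed request lines by their exact text and keep those
    that were sent from at least min_sources distinct addresses."""
    seen = defaultdict(lambda: {"sources": set(), "agents": set()})
    for line in lines:
        rec = parse(line)
        if rec is None or not is_malformed(rec["request"]):
            continue
        seen[rec["request"]]["sources"].add(rec["ip"])
        seen[rec["request"]]["agents"].add(rec["agent"])
    return {req: {k: sorted(v) for k, v in info.items()}
            for req, info in seen.items() if len(info["sources"]) >= min_sources}

if __name__ == "__main__":
    for request, info in find_broadcasts(SAMPLE).items():
        print(len(info["sources"]), "sources", info["agents"], request[:60])
```

The lone `hello there` line is malformed too, but it is not reported because only one address sent it.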