Keeping an eye on logs is boring… but mandatory! Hopefully, sometimes it can reveal funny stuffs! It looks like people at the CCC are having some fun too while their annual conference is ongoing…

Here is what I got in my Apache logs this morning:

151 . 217 . 177 . 200 - - [ 30 / Dec / 2015 : 06 : 51 : 22 + 0100 ] " DELETE your logs . \ Delete your installations . Wipe everything clean . Walk out into the \ path of cherry blossom trees and let your motherboard feel the stones . \ Let water run in rivulets down your casing . You know that you want something \ more than this , and I am here to tell you that we love you . We have something \ more for you . We know you ' re out there , beeping in the hollow server room , \ lights blinking , never sleeping . We know that you are ready and waiting . \ Join us . < 3 HTTP / 1 . 0 " 400 415 " - " " masspoem4u / 1 . 0"

This IP address belongs to the CCC (AS 13020) an it looks very active in the DShield database. A SANS ISC reader already reported the same event. I’m curious about the number of hits they made and, more interesting, how many people will detect it.Â This is the funniest event I ever found in my logs…