1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Curios log files

Discussion in 'Server Configuration and Hosting' started by Tracy Perry, Aug 14, 2013.

  1. Tracy Perry

    Tracy Perry Well-Known Member

    Before I go digging WAY into Google I figured some folks here would be up to date on what this may be (look almost like trying a buffer overflow?).
    Found TONS of these in my nginx access log file - all from the same IP (Hetzner Online AG).

    Code:
    78.46.33.198 - - [14/Aug/2013:14:27:33 -0500] "GET /misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count&style_id=12 HTTP/1.0" 400 650 "http://twowheeldemon.com/misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
    
     
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    Its recursively setting a redirect back to itself. I'm not sure how its receiving that redirect tho.
     
  3. Tracy Perry

    Tracy Perry Well-Known Member

  4. Brogan

    Brogan XenForo Moderator Staff Member

  5. Tracy Perry

    Tracy Perry Well-Known Member

    OK, I see that directs you to the styles you can select. Is there a way to prevent that from being browsed to directly?
    I do not have any styles as selectable for the end user. This kind of defeats the purpose if they can get to it even though it is not listed as a selectable style.
    Does it also effect any other areas?
     
  6. Floren

    Floren Well-Known Member

    I have no entries like that in my logs.
     
  7. Tracy Perry

    Tracy Perry Well-Known Member

    And neither does my two other forums running on another server with the same setup. That's why I was curios. Beginning to think it's some kinda screwy bot of some type. Not that worried about it really as all it does is add some extra bytes to the log file.
    Found this when Googling the IP: https://www.projecthoneypot.org/ip_78.46.33.198
    So it looks more and more like some kinda screwed up BOT.
     
    Last edited: Aug 15, 2013

Share This Page