• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Curios log files

Tracy Perry

Well-known member
#1
Before I go digging WAY into Google I figured some folks here would be up to date on what this may be (look almost like trying a buffer overflow?).
Found TONS of these in my nginx access log file - all from the same IP (Hetzner Online AG).

Code:
78.46.33.198 - - [14/Aug/2013:14:27:33 -0500] "GET /misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count&style_id=12 HTTP/1.0" 400 650 "http://twowheeldemon.com/misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"
 

Tracy Perry

Well-known member
#3

Tracy Perry

Well-known member
#5

Tracy Perry

Well-known member
#7
I have no entries like that in my logs.
And neither does my two other forums running on another server with the same setup. That's why I was curios. Beginning to think it's some kinda screwy bot of some type. Not that worried about it really as all it does is add some extra bytes to the log file.
Found this when Googling the IP: https://www.projecthoneypot.org/ip_78.46.33.198
So it looks more and more like some kinda screwed up BOT.
 
Last edited: