Curios log files

[TPerry]

Before I go digging WAY into Google I figured some folks here would be up to date on what this may be (look almost like trying a buffer overflow?).
Found TONS of these in my nginx access log file - all from the same IP (Hetzner Online AG).

78.46.33.198 - - [14/Aug/2013:14:27:33 -0500] "GET /misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count&style_id=12 HTTP/1.0" 400 650 "http://twowheeldemon.com/misc/style?redirect=%2Fmisc%2Fstyle%3Fredirect%3D%252Fmisc%252Fstyle%253Fredirect%253D%25252Fmisc%25252Fstyle%25253Fredirect%25253D%2525252Fmisc%2525252Fstyle%2525253Fredirect%2525253D%252525252Fmisc%252525252Fstyle%252525253Fredirect%252525253D%25252525252Fmisc%25252525252Fstyle%25252525253Fredirect%25252525253D%2525252525252Fmisc%2525252525252Fstyle%2525252525253Fredirect%2525252525253D%252525252525252Fmisc%252525252525252Fstyle%252525252525253Fredirect%252525252525253D%25252525252525252Fmisc%25252525252525252Fstyle%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmisc%2525252525252525252Fstyle%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmisc%252525252525252525252Fstyle%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fforums%25252525252525252525252Fother-dyna-models.223%25252525252525252525252F%25252525252525252525253Forder%25252525252525252525253Dview_count" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36"

 

[Jeremy]

Its recursively setting a redirect back to itself. I'm not sure how its receiving that redirect tho.

 

[TPerry]

Its recursively setting a redirect back to itself. I'm not sure how its receiving that redirect tho.

Crazy thing is, I don't have a /misc directory under the root. Only thing I did was change
listen 80;
server_name www.twowheeldemon.com m.twowheeldemon.com;
return 301 http://twowheeldemon.com$uri;
to
listen 80;
server_name www.twowheeldemon.com m.twowheeldemon.com;
return 301 http://twowheeldemon.com$request_uri;

 

[Paul B]

The /misc/ is a XenForo route, e.g. http://xenforo.com/community/misc/style?redirect=/community/threads/curios-log-files.57562/

 

[TPerry]

The /misc/ is a XenForo route, e.g. http://xenforo.com/community/misc/style?redirect=/community/threads/curios-log-files.57562/

OK, I see that directs you to the styles you can select. Is there a way to prevent that from being browsed to directly?
I do not have any styles as selectable for the end user. This kind of defeats the purpose if they can get to it even though it is not listed as a selectable style.
Does it also effect any other areas?

 

[Floren]

I have no entries like that in my logs.

[root@hermes ~]# grep '/misc/style' /var/log/nginx/localhost.access.*
[root@hermes ~]#

 

[TPerry]

I have no entries like that in my logs.

And neither does my two other forums running on another server with the same setup. That's why I was curios. Beginning to think it's some kinda screwy bot of some type. Not that worried about it really as all it does is add some extra bytes to the log file.
Found this when Googling the IP: https://www.projecthoneypot.org/ip_78.46.33.198
So it looks more and more like some kinda screwed up BOT.