Bingbot REQUEST_URI

Home Forums BulletProof Security Free Bingbot REQUEST_URI

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • May 22, 2021 at 2:03 pm #40291
    Brad
    Participant

    We have frequent log entries that all look similar. All of the IPs that I’ve checked resolve to Microsoft, so it does look like they are bingbot requests. The pages have an Instagram feed on them, using a plugin by Smash Balloon. It’s working fine, but that must be where the URIs in the request are coming from. I’m not familiar with requests that have info in braces but, assuming that’s valid, it looks like it might not be getting parsed correctly. Any insight would be appreciated.

    [403 GET Request: May 21, 2021 - 4:39 pm]
BPS: 4.8
WP: 5.7.2
Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
Solution: N/A - Hacker/Spammer Blocked/Forbidden
REMOTE_ADDR: 40.77.167.25
Host Name: msnbot-40-77-167-25.search.msn.com
SERVER_PROTOCOL: HTTP/1.0
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER:
REQUEST_URI: /blog/2017/02/mybetter/{\"d\":\"https:////scontent-ort2-1.cdninstagram.com//v//t51.2885-15//97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\",\"150\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=t\",\"320\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=m\",\"640\":\"https:\\/\\/scontent-ort2-1.cdninstagram.com\\/v\\/t51.2885-15\\/97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\"}
QUERY_STRING: _nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\",\"150\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=t\",\"320\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=m\",\"640\":\"https:\\/\\/scontent-ort2-1.cdninstagram.com\\/v\\/t51.2885-15\\/97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\"}
HTTP_USER_AGENT: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
    May 22, 2021 at 4:06 pm #40292
    AITpro Admin
    Keymaster

    The Request is simulating an RFI hacking attempt.  Do the steps in this forum topic to fix the problem > https://forum.ait-pro.com/forums/topic/wp-mail-smtp-plugin-403-error/ Let me know if you need any additional help.

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.