Bingbot REQUEST_URI

Home Forums BulletProof Security Free Bingbot REQUEST_URI

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #40291
    Brad
    Participant

    We have frequent log entries that all look similar. All of the IPs that I’ve checked resolve to Microsoft, so it does look like they are bingbot requests. The pages have an Instagram feed on them, using a plugin by Smash Balloon. It’s working fine, but that must be where the URIs in the request are coming from. I’m not familiar with requests that have info in braces but, assuming that’s valid, it looks like it might not be getting parsed correctly. Any insight would be appreciated.

    [403 GET Request: May 21, 2021 - 4:39 pm]
    BPS: 4.8
    WP: 5.7.2
    Event Code: BFHS - Blocked/Forbidden Hacker or Spammer
    Solution: N/A - Hacker/Spammer Blocked/Forbidden
    REMOTE_ADDR: 40.77.167.25
    Host Name: msnbot-40-77-167-25.search.msn.com
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /blog/2017/02/mybetter/{\"d\":\"https:////scontent-ort2-1.cdninstagram.com//v//t51.2885-15//97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\",\"150\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=t\",\"320\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=m\",\"640\":\"https:\\/\\/scontent-ort2-1.cdninstagram.com\\/v\\/t51.2885-15\\/97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\"}
    QUERY_STRING: _nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\",\"150\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=t\",\"320\":\"https:\\/\\/www.instagram.com\\/p\\/CABaVgnBRFH\\/media?size=m\",\"640\":\"https:\\/\\/scontent-ort2-1.cdninstagram.com\\/v\\/t51.2885-15\\/97264437_570400016927149_7203022675889773551_n.jpg?_nc_cat=103&_nc_sid=8ae9d6&_nc_ohc=Fn0drUbJkZUAX8ireeD&_nc_ht=scontent-ort2-1.cdninstagram.com&oh=427a9b7299f6016e6fbfbd99804858e3&oe=5F0B482C\"}
    HTTP_USER_AGENT: Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)
    #40292
    AITpro Admin
    Keymaster

    The Request is simulating an RFI hacking attempt.  Do the steps in this forum topic to fix the problem > https://forum.ait-pro.com/forums/topic/wp-mail-smtp-plugin-403-error/ Let me know if you need any additional help.

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.