Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How do i resolve Server Error 500 Question Question
FTP Not Working Question Question

Question

Strange URL in my Access Log (http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css)

Posted June 12, 2020 772 views
ApacheUbuntu 16.04

I was reviewing my Access log on my Droplet with Ubuntu and Apache and found a ton of entries with different IP address redirecting to a URL that doesn’t belong to me. Here’s an example of a few entries in my Access log:

74.211.23.20 - - [12/Jun/2020:01:22:01 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”
92.221.111.23 - - [12/Jun/2020:01:24:11 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”
95.43.63.16 - - [12/Jun/2020:01:24:37 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

Any ideas how this happening and how to stop it?

Add a comment
bbeams
By:
bbeams

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
How do i resolve Server Error 500 Question Question
FTP Not Working Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
KFSys June 12, 2020

Hi @bbeams,

It seems you have this bootstrap cdn configured somewhere in your application. You should be able to find it using grep. Here is what I’ll try 

grep -ril 'yastatic.net'/path/to/your/website

This should display the files in which yastatic.net is actually in. From there you can find it in the files.

Since this is a bootstrap cdn, I believe this would be from your theme. Most themes use bootstrap but a little bit reworked for their needs.

Regards,
KDSys

Reply Report
  • bbeams June 12, 2020

    Hi KDSys,

    Thanks for your response. I did the search you recommended and non of my files are referencing ‘yastatic.net’. Also I’m not using a bootstrap theme, I wrote my own code referencing a local copy of the bootstrap files that are hosted on my server. From what I can find online it seems that various servers are trying to use my server/IP address to access the bootstrap files that are hosted on 'yastatic.net’ to prevent their IP address from being exposed. FYI, the IP addresses in the Access Log are from countries all over the world, not just the US. My question is how do I prevent this. The proxy module is disabled on my Apache server.

    Reply Report
    • KFSys June 14, 2020

      Well, I’ll recommend either blocking those IP addresses with your firewall or denying access to ever one that tries to open that url from your .htaccess or if you are using Nginx in your configuration file.

      Regards,
      KDSys

      Reply Report

Related

Looking for something else?

Ask a new question Search for more help