I was reviewing my Access log on my Droplet with Ubuntu and Apache and found a ton of entries with different IP address redirecting to a URL that doesn’t belong to me. Here’s an example of a few entries in my Access log:
74.211.23.20 - - [12/Jun/2020:01:22:01 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36” 92.221.111.23 - - [12/Jun/2020:01:24:11 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36” 95.43.63.16 - - [12/Jun/2020:01:24:37 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”
Any ideas how this happening and how to stop it?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi @bbeams,
It seems you have this bootstrap cdn configured somewhere in your application. You should be able to find it using grep. Here is what I’ll try
This should display the files in which
yastatic.net
is actually in. From there you can find it in the files.Since this is a bootstrap cdn, I believe this would be from your theme. Most themes use bootstrap but a little bit reworked for their needs.
Regards, KDSys