Question

Strange URL in my Access Log (http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css)

Posted June 12, 2020 308 views
ApacheUbuntu 16.04

I was reviewing my Access log on my Droplet with Ubuntu and Apache and found a ton of entries with different IP address redirecting to a URL that doesn’t belong to me. Here’s an example of a few entries in my Access log:

74.211.23.20 - - [12/Jun/2020:01:22:01 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”
92.221.111.23 - - [12/Jun/2020:01:24:11 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”
95.43.63.16 - - [12/Jun/2020:01:24:37 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

Any ideas how this happening and how to stop it?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi @bbeams,

It seems you have this bootstrap cdn configured somewhere in your application. You should be able to find it using grep. Here is what I’ll try

grep -ril 'yastatic.net'/path/to/your/website

This should display the files in which yastatic.net is actually in. From there you can find it in the files.

Since this is a bootstrap cdn, I believe this would be from your theme. Most themes use bootstrap but a little bit reworked for their needs.

Regards,
KDSys

  • Hi KDSys,

    Thanks for your response. I did the search you recommended and non of my files are referencing ‘yastatic.net’. Also I’m not using a bootstrap theme, I wrote my own code referencing a local copy of the bootstrap files that are hosted on my server. From what I can find online it seems that various servers are trying to use my server/IP address to access the bootstrap files that are hosted on 'yastatic.net’ to prevent their IP address from being exposed. FYI, the IP addresses in the Access Log are from countries all over the world, not just the US. My question is how do I prevent this. The proxy module is disabled on my Apache server.

    • Well, I’ll recommend either blocking those IP addresses with your firewall or denying access to ever one that tries to open that url from your .htaccess or if you are using Nginx in your configuration file.

      Regards,
      KDSys

Submit an Answer