Question

Strange URL in my Access Log (http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css)

I was reviewing my Access log on my Droplet with Ubuntu and Apache and found a ton of entries with different IP address redirecting to a URL that doesn’t belong to me. Here’s an example of a few entries in my Access log:

74.211.23.20 - - [12/Jun/2020:01:22:01 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36” 92.221.111.23 - - [12/Jun/2020:01:24:11 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36” 95.43.63.16 - - [12/Jun/2020:01:24:37 -0600] “GET http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1” 301 553 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

Any ideas how this happening and how to stop it?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi @bbeams,

It seems you have this bootstrap cdn configured somewhere in your application. You should be able to find it using grep. Here is what I’ll try

grep -ril 'yastatic.net'/path/to/your/website

This should display the files in which yastatic.net is actually in. From there you can find it in the files.

Since this is a bootstrap cdn, I believe this would be from your theme. Most themes use bootstrap but a little bit reworked for their needs.

Regards, KDSys