Skip to content

DEV Community

Michael Buckbee

Posted on Oct 19, 2023

Can you tell what this bot is doing?

#security #devops

Look at the timing, IPs, and paths in the above list of web requests to this site (domain changed for privacy).

Answer: it’s a bot using 🇨🇳 Chinese proxy servers, probing for compressed, manually backed-up copies of the site that are kept on the server.

Backups that might have API keys, ENV files, or other high-value targets.

We discovered this with Wafris, as the site doesn’t have an API, so the User-Agent was unusual.

Top comments (0)

Subscribe

Read next

Beware of Spring Boot Actuator Endpoint env: A Security Alert

Igor Venturelli - Oct 30

Comparing 3 Docker container runtimes - Runc, gVisor and Kata Containers

Ákos Takács - Oct 29

Most Commonly Used Docker Commands!

Srikanth Jana - Oct 29

Access Microsoft 365 resources from custom on premise application

Kinga - Oct 29

Michael Buckbee

I'm a developer and security researcher currently building an open-source Web Application Firewall at https://wafris.org

Location

Virginia
Pronouns

He/Him
Work

Founder
Joined

Oct 17, 2023

Are Apple App Association Files Risky?

#mobile #security #devops

Risky Click Text Editor Edition

#webdev #javascript #security #frontend