Skip to content

DEV Community

Michael Buckbee

Posted on Oct 19, 2023

Can you tell what this bot is doing?

#security #devops

Look at the timing, IPs, and paths in the above list of web requests to this site (domain changed for privacy).

Answer: it’s a bot using 🇨🇳 Chinese proxy servers, probing for compressed, manually backed-up copies of the site that are kept on the server.

Backups that might have API keys, ENV files, or other high-value targets.

We discovered this with Wafris, as the site doesn’t have an API, so the User-Agent was unusual.

Top comments (0)

Subscribe

Read next

Globally Replicated Services for the Rest of Us

Jonas Scholz - Nov 17

Session Management, Tokens & Refresh Tokens

Sudhi Ranjan Gupta - Oct 27

Introduction to Docker Compose

Arif Hossain - Nov 9

Dataverse Security Roles

david wyatt - Nov 18

Michael Buckbee

I'm a developer and security researcher currently building an open-source Web Application Firewall at https://wafris.org

Location

Virginia
Pronouns

He/Him
Work

Founder
Joined

Oct 17, 2023

Are Apple App Association Files Risky?

#mobile #security #devops

Risky Click Text Editor Edition

#webdev #javascript #security #frontend