Skip to content

DEV Community

Michael Buckbee

Posted on Oct 19, 2023

Can you tell what this bot is doing?

#security #devops

Look at the timing, IPs, and paths in the above list of web requests to this site (domain changed for privacy).

Answer: it’s a bot using 🇨🇳 Chinese proxy servers, probing for compressed, manually backed-up copies of the site that are kept on the server.

Backups that might have API keys, ENV files, or other high-value targets.

We discovered this with Wafris, as the site doesn’t have an API, so the User-Agent was unusual.

Top comments (0)

Subscribe

Read next

AWS Automated Centralized Multi Account Patching

StintriLamah - May 6

Getting Started With Terraform For Infrastructure Provisioning 🛠️

Angel Oduro-Temeng Twumasi - Jun 19

Why is Kubernetes Debugging so Problematic?

Shai Almog - Jun 4

Getting my feet wet with Kubernetes

brahms116 - Jun 9

Michael Buckbee

I'm a developer and security researcher currently building an open-source Web Application Firewall at https://wafris.org

Location

Virginia
Pronouns

He/Him
Work

Founder
Joined

Oct 17, 2023

Are Apple App Association Files Risky?

#mobile #security #devops

Risky Click Text Editor Edition

#webdev #javascript #security #frontend