mitchellkrogza / nginx-ultimate-bad-bot-blocker

Nginx Block Bad Bots, Spam Referrer Blocker, Vulnerability Scanners, User-Agents, Malware, Adware, Ransomware, Malicious Sites, with anti-DDOS, Wordpress Theme Detector Blocking and Fail2Ban Jail for Repeat Offenders

[User-Agent] (Yahoo! Slurp China) #437

Open f2ex opened 3 years ago

f2ex commented 3 years ago

Paste the full User-Agent String here


"http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"

Is this for Addition / Removal?

Did the User-Agent request robots.txt first?

Post Log Excerpt to show User-Agent behavior (10-20 lines is enough)


59.108.96.197 - - [14/Jun/2021:03:38:19 +0800] "POST //email/shell.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
211.93.67.4 - - [14/Jun/2021:04:19:12 +0800] "POST //editplus.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
221.236.6.97 - - [14/Jun/2021:04:19:12 +0800] "POST //editplus.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
118.244.66.224 - - [14/Jun/2021:04:50:26 +0800] "POST //dxyylc/md5.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
125.254.179.251 - - [14/Jun/2021:04:50:26 +0800] "POST //dxyylc/md5.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
61.29.241.137 - - [14/Jun/2021:05:24:26 +0800] "POST //dxyylc/1ndex.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
61.235.47.144 - - [14/Jun/2021:06:04:36 +0800] "POST //downl0ade/index.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
61.186.172.227 - - [14/Jun/2021:06:04:36 +0800] "POST //downl0ade/index.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
211.82.33.27 - - [14/Jun/2021:09:33:08 +0800] "POST //data/sz.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
211.143.80.153 - - [14/Jun/2021:12:00:06 +0800] "POST //data/cache/fuck.php.parse_search_.inc HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
210.52.16.242 - - [14/Jun/2021:16:05:44 +0800] "POST //css/ing/admin_login.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
220.193.101.48 - - [14/Jun/2021:19:58:43 +0800] "POST //convert/data/config.inc.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"

Additional information

It looks like a Yahoo spider, but it does not follow the robots.txt rules and scans sensitive files every day. These IPs are all marked as malicious IPs. Please check this, thanks.
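The pattern reported above, expressed as a log check (an added example, not part of the original issue or of the project's code): it groups requests by crawler-claiming User-Agent and flags agents that send methods other than GET/HEAD without ever requesting robots.txt. The sample lines with documentation-range IPs, the `ExampleCrawler` agent and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt above (documentation-range
# IPs). The first two lines keep its quirk: no space after a closing quote.
SAMPLE_LOG = """\
203.0.113.10 - - [14/Jun/2021:03:38:19 +0800] "POST //email/shell.php HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
198.51.100.7 - - [14/Jun/2021:04:19:12 +0800] "POST //editplus.asp HTTP/1.1"301 162 "http://misc.yahoo.com.cn/""Mozilla/5.0 (compatible; Yahoo! Slurp China; http://misc.yahoo.com.cn/help.html)"
192.0.2.44 - - [14/Jun/2021:05:00:00 +0800] "GET /robots.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0 (compatible; ExampleCrawler/1.0)"
192.0.2.44 - - [14/Jun/2021:05:00:02 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; ExampleCrawler/1.0)"
"""

# Tolerates missing whitespace after the request and referer fields.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"\s*(?P<status>\d{3}) \S+ '
    r'"[^"]*"\s*"(?P<ua>[^"]*)"$'
)
CRAWLER_RE = re.compile(r"slurp|bot|spider|crawl", re.IGNORECASE)
FETCH_METHODS = {"GET", "HEAD"}  # what an indexing crawler is expected to send

def summarize(log_text):
    """Group requests by crawler-claiming User-Agent."""
    stats = defaultdict(lambda: {"ips": set(), "non_fetch": 0, "robots": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not CRAWLER_RE.search(m["ua"]):
            continue
        entry = stats[m["ua"]]
        entry["ips"].add(m["ip"])
        if m["method"] not in FETCH_METHODS:
            entry["non_fetch"] += 1
        if m["path"].lstrip("/").split("?")[0] == "robots.txt":
            entry["robots"] = True
    return dict(stats)

def suspicious(stats):
    """User-Agents that send non-fetch methods and never asked for robots.txt."""
    return sorted(ua for ua, s in stats.items()
                  if s["non_fetch"] > 0 and not s["robots"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ua in suspicious(stats):
        s = stats[ua]
        print(f"{len(s['ips'])} IPs, {s['non_fetch']} non-fetch requests: {ua}")
```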