: What are these strange Speed_Bump requests in my logs? Malware, nuisance, nothing? I've recently noticed a number of garbage requests coming into a website that I run. They look like so: 2015-02-19
I've recently noticed a number of garbage requests coming into a website that I run. They look like so:
2015-02-19 13:54:27.272 /notify-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tLw==
2015-02-19 13:44:35.159 /verify-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tL2NvbXBhbnkvdGVuLXRoaXJ0eS1vbmUtcHJvZHVjdGlvbnM=
2015-02-19 13:44:35.081 /verify-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tL2NvbXBhbnkvdGVuLXRoaXJ0eS1vbmUtcHJvZHVjdGlvbnM=
2015-02-19 13:43:31.952 /accepted-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tL2ludmVzdG9yL21jdWJhbg==
2015-02-19 13:43:31.841 /accepted-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tL2ludmVzdG9yL21jdWJhbg==
2015-02-19 13:43:29.356 /notify-Speed_Bump?aHR0cDovL3d3dy5zaGFya2FseXRpY3MuY29tL2ludmVzdG9yL21jdWJhbg==
Searched around for answers as to what this Speed_Bump thing is about, but couldn't find anything about it. No harm done yet, as of course the server returned 404 each time. I haven't gotten that many of these requests, but they're coming from IPs in ranges that were already suspect due to previous bad behavior.
Is it malicious, annoying, or just nothing?
More posts by @Sarah324
1 Comments
Sorted by latest first Latest Oldest Best
There is not much you can do about it. Log records like these happen all the time no matter what sort of site you host. There are a number of reasons...
Site Profiling - Some malicious users will attempt to inject various random URL chains into the path to see if they get a valid return or not, this is designed to identify the platform hosting the system (ie: framework, language, hidden section, etc).
Virus on the Client Machine - Some viruses and malware can do the same thing for very much the same reason when it is installed on a remote clients machine.
Misconfigured Network - Sometimes a network security appliance or network software will cause something like this to be added to URL's for it to work on the local network but which will have no meaning for your server. In this instance it is just the way they have needed to configure their network.
Based on your question research has shown that it would be more than likely to be option 3. In this sort of instance you are already doing all that you can do and that is to return 404 errors to the request. It is unlikely that it is a malicious issue and short of blocking the address block (which would also have the affect of blocking a number of potential visitors to your site) there is not much else that you can do.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.