: Strange Bingbot hits in my website access logs I'm seeing many hits to my site recently in the access logs and I'm not sure what to do with them. The pages they are trying to reach do not

@Ann8826881

The 3 log records shown all look like legitimate traffic (both the Google and Bing IP addresses appear valid) and as closetnoc has already pointed out, only the last one references the Bingbot.


The pages they are trying to reach do not exist


But your server is returning a 200 OK status, which is potentially allowing these URLs to be indexed by the search engines. If these URLs returned a 404 Not Found then it wouldn't be such a problem.

It looks like your site has been the target of a XSS-like attack to create spammy links in the SERPs for keywords that are irrelevant to your site.


Is there something I can do to prevent any /index.php/XXXXXX requests


Yes. The additional XXXXXX in the URL after a valid filename is trailing pathname information (PATH_INFO). The default behaviour on Apache generally allows this additional path info (although it depends on the handler).

However, this can be disabled with the AcceptPathInfo directive in your server config or .htaccess file. For example:

AcceptPathInfo Off


This will result in Apache returning a 404 NOT FOUND error on such requests.

Apache docs... httpd.apache.org/docs/2.4/mod/core.html#acceptpathinfo


Depending on your website URL structure, you could just block any direct requests to index.php. Something like the following, using mod_rewrite in the root .htaccess file:

RewriteEngine On
RewriteCond %{THE_REQUEST} ^GET /index.php [NC]
RewriteRule ^index.php - [F]


This would need to go before any URL routing directives (eg. WordPress).

THE_REQUEST contains the initial request header only, so you are still OK to internally rewrite to index.php if you are using a front controller (for example).

Vote Up Vote Down