Googlebot Random HTTP-GET Requests
I was going through the blog server logs today looking for odd, unexpected requests. Attended a Linux Security Meeting last evening that has me thinking … I see all the normal myphpadmin / dbadmin requests and other hack attempts for tools that we don’t use here. All the index.php requests are worthless / harmless. In the 404 list were lots of random strings requested at the top level of the blog. To me, these strings look like passwords from some password management tool. Hummm.
A few examples:
- /d0ZX8m+pfnut+om+EDkVcP6P7NkIFNJZwGnFGC3Cf4=
- /UbOQSJY3d3BRN0B1vqoYvURC/lPAR57ux+jbAaplOU=
- /h795oDD2nl+YBxO1Rd6lSy+INmXqf9ZwAR/kL7Nsto=
- /Opb43x4uiN1qhpgpmG2pilkYAfqVh9Up0FVZcskdlc=
- /91NnupS9tEDNtRg2ENRyG5MuQg33KykPjIPgOxP1B4=
- /4RBxH9ECaHZaUTLehkvpG3XGAP0I7avBzdjszjEGQw=
- /ys8955MfrX8gWe795kseyTY2lecIT9MmKuiwCJOaMM=
- /ZVsXXT/1HyQRYSQANAFwtwUD0FV+AOOtwlv07GSWEM=
- /FXaDR7zR9Vfg74gggAoffVTyw15B2pYRq1Z7yDAwR0=
- /JuYvUYjAOSPtl5DiKMgN+MKSVz0idfeJqZcWTHI9Cg=
What does that look like to you? There are many others. Since they are the same length and always end with the = character, that makes me think these are generated by some system. Time to dig into the logs, yuck. I really need to get Splunk running here. Remote into the server where logs are placed and gunzip all the typo-related logs. Then pick a substring from the suspects and grep.
$ grep JY3d3BRN0B1vqoYvURC typo.
Ah – *googlebot. I check a few others too. They all say googlebot even when the IP addresses are different. Google has 100,000+ web crawlers, so seeing different source IPs is common. I match the IPs with a whois – all Google, Inc. Interesting.
I guess those could be session cookies from the blog software that google isn’t properly parsing and using correctly. The session IDs aren’t that length however. Humm.
It isn’t like I’ll block Google, but I do block other web search engines for abusive attempts. We don’t use google-analytics and don’t have a google-app-id. I’m a little confused why the search engine would throw crap requests here. Are they looking for malware or dangerous server setups? I googled for an answer for a few minutes and didn’t find anything.
Anyone have ideas what is happening?
The same is happening to us with query params like:
opc=articulo&fam=ezhessjhb&subf=gmgyzmda&cod=ifahoqcfyy&txt=wiuvhfpktuchlngtalrvrlgy&marca=fqrivvucybtgl&alt=iUZKyxqDBm77382;
opc=articulo&fam=oiyanma&subf=ancyfzhi&cod=keymgampyt&txt=wgqsvjopkatttrig&marca=zapjzxiyzszkptsn&alt=e0JuYw4AOuj0jWK6Iaui;
It seems to be an IP spoofing attack. Any ideas?
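As an added example (not code from the original post or from the reply above), here is a Python triage script that does what the post describes doing by hand: parse combined-format access log lines, keep the 404s whose path is a long base64-alphabet token ending in =, group them by client IP, and then test whether a request that says "Googlebot" in its User-Agent really came from Google. The test is Google's documented reverse-then-forward DNS confirmation (PTR in googlebot.com or google.com, and the forward lookup of that name must return the same IP), which is also the right way to settle the reply's IP-spoofing theory: a User-Agent string and a PTR record can both be faked, the forward confirmation cannot. The log lines, IP addresses (documentation ranges) and DNS answers are constructed fixtures for the example, not data from the poster's server; the two request paths are the ones quoted in the post. One thing the script makes visible: as quoted here the strings are 43 characters with a single =, so they use the base64 alphabet but do not decode as standard base64.

```python
"""Triage odd 404s in a combined-format web log and check claimed Googlebot hits.
Added example, not the original poster's code. Log lines and DNS answers are
constructed fixtures (documentation-range IPs). The Googlebot check follows
Google's published reverse-then-forward DNS procedure; a User-Agent alone proves nothing."""
import base64
import re
import socket
from collections import defaultdict

# Constructed sample log (Apache/nginx combined format). The two odd paths are
# the ones quoted in the post; IPs and user agents are made up for the example.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Feb/2013:04:12:01 +0000] "GET /d0ZX8m+pfnut+om+EDkVcP6P7NkIFNJZwGnFGC3Cf4= HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.11 - - [10/Feb/2013:04:12:07 +0000] "GET /UbOQSJY3d3BRN0B1vqoYvURC/lPAR57ux+jbAaplOU= HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [10/Feb/2013:04:13:30 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [10/Feb/2013:04:14:02 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Standard base64 alphabet, at least 20 characters, optional '=' padding.
B64_TOKEN_RE = re.compile(r'^[A-Za-z0-9+/]{20,}={0,2}$')
GOOGLE_PTR_SUFFIXES = ('.googlebot.com', '.google.com')

def classify_path(path):
    """'b64-like' if the path (minus leading slash) is a long base64-alphabet token
    that mixes cases and digits and ends in '=' or has a length divisible by 4;
    ordinary paths such as /some/long/path/here/ok stay 'other'."""
    token = path.lstrip('/')
    if not B64_TOKEN_RE.match(token):
        return 'other'
    mixed = (any(c.isupper() for c in token) and any(c.islower() for c in token)
             and any(c.isdigit() for c in token))
    if mixed and (token.endswith('=') or len(token) % 4 == 0):
        return 'b64-like'
    return 'other'

def b64_decodes(token):
    """True only for well-formed standard base64. The post's strings are 43 chars
    with one '=' (42 data chars need '=='), so they fail this check."""
    try:
        base64.b64decode(token, validate=True)  # binascii.Error is a ValueError
        return True
    except ValueError:
        return False

def verify_googlebot(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Google's check: PTR must end in googlebot.com or google.com, and the forward
    lookup of that name must contain the original IP. Resolvers are injectable
    so the logic can be exercised offline with the fixtures below."""
    try:
        host = reverse(ip)[0]
    except OSError:
        return False
    if not host.lower().endswith(GOOGLE_PTR_SUFFIXES):
        return False
    try:
        addrs = forward(host)[2]
    except OSError:
        return False
    return ip in addrs

# Constructed DNS fixtures: .10 is consistent; .11 has a googlebot.com PTR whose
# forward record points elsewhere, which is what a forged PTR looks like.
FAKE_PTR = {'192.0.2.10': 'crawl-192-0-2-10.googlebot.com',
            '192.0.2.11': 'crawl-192-0-2-11.googlebot.com'}
FAKE_A = {'crawl-192-0-2-10.googlebot.com': ['192.0.2.10'],
          'crawl-192-0-2-11.googlebot.com': ['203.0.113.99']}

def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, 'Unknown host')
    return (FAKE_PTR[ip], [], [ip])

def fake_forward(host):
    if host not in FAKE_A:
        raise socket.gaierror(-2, 'Name or service not known')
    return (host, [], FAKE_A[host])

def triage(log_text, verify=verify_googlebot):
    """Group 404s with base64-like paths by client IP, note whether the UA claims
    Googlebot, and record whether DNS actually backs that claim."""
    by_ip = defaultdict(lambda: {'paths': [], 'claims_googlebot': False})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m['status'] != '404' or classify_path(m['path']) != 'b64-like':
            continue
        entry = by_ip[m['ip']]
        entry['paths'].append(m['path'])
        if 'googlebot' in m['ua'].lower():
            entry['claims_googlebot'] = True
    for ip, entry in by_ip.items():
        entry['token_lengths'] = sorted({len(p.lstrip('/')) for p in entry['paths']})
        entry['verified_googlebot'] = entry['claims_googlebot'] and verify(ip)
    return dict(by_ip)

if __name__ == '__main__':
    offline = lambda ip: verify_googlebot(ip, fake_reverse, fake_forward)
    for ip, entry in triage(SAMPLE_LOG, verify=offline).items():
        print(ip, entry['token_lengths'], 'claims googlebot' if entry['claims_googlebot'] else '-',
              'verified' if entry['verified_googlebot'] else 'UNVERIFIED')
```

Against a real log, drop the `verify=` argument so `triage` uses the system resolver; the fixtures only exist so the two branches (confirmed crawler, PTR that does not forward-confirm) can be seen without network access. A `whois` on the source address, as done in the post, tells you who owns the netblock; the forward-confirmed PTR is what ties the specific request to Google's crawler rather than to any host in a Google-owned range.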