HTTP to HTTPS Redirects – Possible Vulnerability
Sorry this question could be a bit more clearer.
Consider this as typical scenario where
- http://example.com is set up to redirect to https://www.example.com
- http://www.example.com is set up to redirect to https://www.example.com
- https://example.com is set up to redirect to https://www.example.com
For last few months, we have seen a pattern where bots from Asian IPs (mostly Hong Kong, Singapore and Indonesia) will hit a fake URLs on http or even non-www https version, get a redirect to https://www.example.com and hit 404 page.
We obviously block them at Cloudflare level but it hasn't stopped them nor Cloudflare would block them even after one IP failing captcha thousands of times.
What vulnerability/SEO manipulation these bots are attempting?
Some of the URL examples:
- /tag/modifikasi-dankaroseritruck.blogspot.com,+acrobat+9+pro+free+delivery
- /tag/https://web.whatsapp.com/,+acrobat+9+pro+free+delivery - /tag/https://web.whatsapp.com/
- /tag/modifikasi-dankaroseritruck.blogspot.com
- /tag/karoseritrucktangkisolar.blogspot.com
- /gp/bestsellers/books/4898508051/ref=pd_zg_hrsr_books/
- /gp/profile/amzn1.account.AGH2BKLJ6I4AENWWC4PNHCVCQECQ/ref=cm_cr_dp_mb_gw_tr/
- /gp/bestsellers/digital-text/2529346051/ref=pd_zg_hrsr_digital-text/
- /s/ref=dp_byline_sr_ebooks_4/
- /ChatGPT-Profits-Millionaire-Artificial-Intelligence-ebook/dp/B0C7NWXPFM/ref=pd_aw_sim_m_sccl_2/357-6415495-1939633/
Most of these requests seem to use a referrer pointing to a blackhat service indexkings.com. Most of the requests also seem to be part of some blackhat campaign being run by https://promokaroseri.com/ and I have duly reported it to Google.
