Referer = www . baidu . com

Forum Moderators: open

Message Too Old, No Replies

Referer = www . baidu . com

I flag these as bot/VPN

SumGuy

12:23 am on Jun 5, 2025 (gmt 0)

I only have a few dozen instances of this so far, the first happened on Dec 30 last year but they've really ramped up in April and May. The referer is simply http // www . baidu . com, the user-agent is practically always Windows NT 10, and always a stale version of Chrome. There were a few times when the UA was something wierd, like these:

binlar_2.6.3 larbin2.6.3@unspecified.mail
Fyrebot/1.0
Mozilla/5.0 (compatible; yoozBot-2.2; http :// yooz.ir; info@yooz.ir)

Even if I didn't flag referer = baidu, these would still get flagged because of UA = old chrome version. None of the IP's are China. They all seem to be residential IP's in US / Canada / Europe.

lucy24

4:05 am on Jun 5, 2025 (gmt 0)

Yup. Mine says

SetEnvIf Referer baidu bad_ref=baidu

And, to be entirely honest, I don’t especially care if it’s a robot or a human.

Scanning logs, I am especially struck by a handful along the lines of

118.193.38.abc - - [05/Feb/2025:21:20:57 -0800] "GET /baidu.html HTTP/1.1" 403 2986 "http://www.example.com/baidu.html" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"

though this turns out to be a red herring: they show up in a series of blatantly robotic requests, each with auto-referer.