100096HTML Simulate


#1

Hello from September 21, including today in the firewall, receive many requests like 100096HTML Simulated from different ips in china, indonesia, korea, taiwan, india, vietnam from what they receive so hard and why they please.


What are 100096HTML firewall events
#2

Can you post a screenshot of that?


#3


#4

image
10096HTML is when HTML is being sent in the request, likely to XSS. Is your website running on a a CMS (Content Management System) like wordpress or drupal?


#5

I use wordpress


#6

what can I do in this case?


#7

I’m getting hundreds and sometimes thousands of these events every day in my firewall section.

They are always on get requests for images on my website and have details related to yahoo in the match triggered section as below. Sometimes the ip addresses getting the images are yahoo ip addresses and sometimes not.

100096BASE_MATCHED_VAR=https://uk.images.search.yahoo.com/images/view;_ylt=awrj6txy0qhbfvoacily3olq;_ylu=x3odmtizmzexnm01bhnlywnzcgrzbgsdaw1nbg9pzamyndzhn2nkzwmzzwe3mdzkzwvhzdgzyjy3zwuyywu2zqrncg9zazqwbgl0a2jpbmc

Does anybody know what they are?

Thanks


#8

These requests have also started for me at a similar date as the user above, a lot of the ip addresses are from ip addresses in the following range 67.195.0.0/16 but also from many other other ip addresses. When I check the ip addresses, the ones starting with 67.195 seem to be related to yahoo.


#9

My website isn’t running on a cms, but I’ve just started to get thousands of these requests per day appearing in my firewall events, see my comments below, they seem to be related to yahoo ?


#10

This rule has been disabled while we do some additional tweaking. Apologies for the spam it caused in your logs.


#11

Thanks for the update, where these requests genuine yahoo requests or are they suspicious/dangerous?


#12

Hi, also, i’m Still getting similar 100096BASE requests.


#13

I’m still getting around 500 to 1000 of these requests in my firewall log each day and it’s making it difficult to check other security issues as I don’t have time to go through the huge list each day.

Have you got an update on this?

Thanks