I faced the same issue. As I found out, the attacker used URLs that were provided to him by a Chrome extension. In my case it was the awesomescreenshot extension in Google Chrome, which leaked all the internal pages (in the admin account) I was visiting myself. So the bot later just pinged those.
When an extension is installed, it basically receives access to the URLs of all the pages you visit. I just removed the extension, and now I am in doubt whether I need to reset all the passwords of all my accounts, because potentially cookies could also be leaked.

On Thursday, May 15, 2014 3:55:11 PM UTC+2, dimitriosd1983 wrote:
> I have an application that only runs cron jobs and uses a backend, so
> there are no incoming requests from any client. I noticed that a request
> from a user named 'niki-bot' was received and I'm quite surprised, as my app
> URL does not appear anywhere; it's only used by the admin account, which sends
> cron requests. Fortunately I had set up security on my crons so this user
> got a 403 Forbidden message, but I'm still wondering how this could happen.
> Has any of you guys experienced something similar?
