400, Bad Request errors since upgrading to v4.20

1 month ago
Been getting a lot of Bad Request errors in my log since upgrading.   For example, from the login page.  But it's not all the time.   I can login/logout repeatedly and not see this error.  But each day I look at my log I'll see 20 or 30 of them.   Also, it's not always the login page.  Sometimes it's one of my blog pages that will be listed as the PageURL  .

Any ideas? (example below)

Log level  
Error
Short message  
Error 400. Bad request
Full message  
IP address  
134.119.216.167
Customer  Guest
Page URL  
http://www.roadlessgear.com/login
Referrer URL  
http://www.roadlessgear.com
Created on  
2/21/2020 8:55:07 AM
1 month ago
Any Full error message?
1 month ago
No.   The text above is the complete information displayed in nopCommerce error log.
1 month ago
Looking at each one, the error seems to always be one of three pages.   The login page (per my original message) or one of two different blog pages.

What is odd is that these are really old blog posts from back in 2012.  So it's not like customers are hitting those pages on a regular basis.   I'd be shocked to learn that ANYBODY is actually visiting those pages today.   Much less, several times a day.

And I can visit those pages and it does not generate an error log entry when I do.  Just like I can login without generating any errors.
1 month ago
I bet it's a bot trying to create an account to leave comment spam in your blog:
https://www.projecthoneypot.org/ip_134.119.216.167
1 month ago
I suspected as much.   but why the 400 error?    shouldn't a bot just fail the login check like anybody else with the wrong password?
1 month ago
they're sending in form data that NopCommerce doesn't handle, it's a malformed request from the client