Skip to Content
Cover Image
Share via QR Code
Sharing QR Code

Ken's Study Journey Reminder:

Copy the link below or use the menu on your browser to share.

CAPTCHA Security Check

Reminder: Do Not Massively Scan Website APIs

 All Notices

Font Size:
Default Large Extra

By: Ken Deng   Published on 31 May 2023

  Download PDF

Simply Speaking

Recently, one of my servers (GB-LHR-01) detected and reported unusual behaviours on my website, such as scanning Ken’s Study Planner APIs.

My Reminder: It is inappropriate to massively scan APIs which will threaten the website and Internet security.

Dear students, teachers, and visitors,

Thanks for choosing and using Ken’s Study Journey services!

Recently, one of my server’s (GB-LHR-01; my London, United Kingdom server) security control system detected and reported some unusual behaviours threatening Internet security on my services, including Ken’s Study Journey website and Ken’s Study Planner.

This includes, according to the server logs:

  • Scan non-existent Ken’s Study Planner API URLs, e.g.

    https://planner.kenstudyjourney.cn/api/grame/getHomePtLottery/
  • Use Tor to scan WordPress modules (wp-***.php) on Ken’s Study Journey website (blocked by my server’s security control system).
    My website does not use the WordPress SDK framework.

Please note that my services ban the Tor Network (i.e. the Dark Web).

Fortunately, these requests were blocked and dropped by my UK server locally and not forwarded to my Chinese (CN) servers.

This does not follow:

  • The rules of Ken’s Study Planner’s “robots.txt” file, and
  • Section 4 of my Terms of Service (crawling private information)

This also violates the Terms of Service on some other websites.

In my daily free time, I artificially patrol the modules, pages and server error logs on my website to check:

  • whether my website, services and/or some modules malfunction (not working correctly), and
  • whether there are unusual activities and behaviours.

This is similar to teachers patrolling (checking) classrooms during lesson times and exam boards patrolling exam rooms worldwide during exam seasons.

My servers always keep logs to trace any misbehaviours or non-attack outages according to China regulations.

To ensure Study Plan Security, my servers have installed security control systems, monitoring and reporting any suspicious behaviours.

Ken’s Study Journey reminds you:

  • It is inappropriate to massively scan APIs.

According to my Terms of Service, you can:

  • Use and request API(s) only if you have the API URL(s) and key(s).
  • Crawl and scan publicly-displayed webpages (like search engines).
  • Follow the rules on the website’s “robots.txt” file.
  • Properly set User-Agent HTTP request header for crawlers, including “bot”, “spider” or “crawl”.

But you can’t:

  • Massively crawl and scan private information, like API data and keys.
  • Use the Tor Network/Browser to carry out abusive behaviours on websites.

I am implementing more measures on the servers’ security control system to maintain a safe study environment and atmosphere.

If you have any questions or cannot understand my Terms of Service, you can contact me to fully understand them.

Hope students use the Internet properly, including other websites and services.

Please supervise together and report to me if you discover such misbehaviours.

Ken’s Study Journey

31 May 2023

Did you Know?

On some websites, your IP address may be banned for a limited time if it sends a very large number of requests to the same website (webpage and API) in a short time.

However, the main goal of Ken’s Study Journey is to educate users (especially students) rather than penalising or banning them. So this is just a reminder.

What is Terms of Service (ToS)?

I understand that some users do not understand what is Terms of Service, so I will briefly explain it here.

Terms of Service can be found at the bottom of most websites.

Most platforms (website/app) ask users to read the ToS before using them.

It is a legal document describing:

  • The services that the platform provides,
  • What is allowed and not allowed to do on the platform,
  • Liability of the platform (whether the platform will compensate you if it causes you damage),
  • (etc.)

Generally speaking, the commonly disallowed behaviours are:

  • Online attacks (e.g. (D)DoS and CC attack, hacking),
  • Massively scan website APIs and login pages (usernames and passwords),
  • Send spam emails,
  • Upload or send prohibited content (by the laws or platform’s rules),
  • (etc.)

My Another Tip: Follow China Regulations

As a Chinese international school (A Level) student, my website and Ken’s Study Journey services are registered with China ICP and Public Security and regulated under China authorities.

I understand that users outside China may not know our rules and regulations, so I will briefly tell them here.

This also applies to other Chinese websites, and even ISP routers.

Websites must keep logs for at least 6 months, according to China Internet Security Law (Section 21 (c)), including:

  • visitor’s IP address,
  • visitor’s port number,
  • the exact visit/activity date and time in Seconds,
  • URL (link),
  • user identifier (e.g. email address) (if logged in),
  • (etc.)

So, any visits and operations (especially hacking and scanning attempts) on a website will be recorded (logged) on the servers (for future investigation).

Website owners must cooperate with the authorities to provide logs if they need to investigate any harmful/illegal Internet activity or content.

Note: The logs can also be used to track bugs and non-attack service outages.

Warning: Any attacks causing severe interruption to the services (e.g. (D)DoS/CC attack) can be reported to the Internet police (by the website owner).