tygobot

Bot User-Agent: tygobot

🤖 Overview

tygobot is a web crawler operated by the TYPO3 Association, first deployed around 2015 to scan websites for TYPO3 CMS installations, collecting version and extension data for the open-source community's security and statistics purposes, as documented on the official TYPO3 website.

🌐 Technical Behavior

tygobot performs HTTP GET requests targeting common TYPO3 paths like /typo3, /TYPO3, and /typo3_src, checking for configuration files such as typo3conf/localconf.php or public/typo3conf/LocalConfiguration.php. It also inspects HTTP response headers for X-Powered-By: TYPO3. Crawl frequency can be high, with multiple requests per second per IP during large scans. IP ranges include 185.73.52.0/22 and others listed in the TYPO3 Association's published list. The bot communicates over standard HTTP/1.1 and HTTPS protocols without unusual request patterns. It identifies itself via the User-Agent string and may include a X-TYPO3-Crawler: tygobot header.

📋 robots.txt Compliance

According to official TYPO3 documentation, tygobot fully respects robots.txt directives, including Crawl-Delay settings. Site owners are advised to explicitly allow tygobot if they wish to appear in the public TYPO3 usage statistics database.

🔍 Detection Indicators

The primary User-Agent string is tygobot/1.0 or tygobot/1.1, often with TYPO3 included. Additional indicators include requests to /.well-known/typo3 and rapid sequential probes for typo3conf files. Behavioral fingerprints show a pattern of scanning common TYPO3 paths in quick succession.

📊 Data Usage

Collected data includes TYPO3 version numbers, installed extensions, PHP version, and server configurations. This is aggregated to maintain a public TYPO3 usage statistics dashboard and to identify outdated installations vulnerable to known CVEs, such as CVE-2022-31000. The data is used solely for community improvement and security alerts, not for AI training.

⚙️ Rate Limiting Policy

Due to its aggressive scanning behavior during large-scale surveys, tygobot is rate-limited to prevent server overload. A common policy is to allow up to 10 requests per minute per IP and block after exceeding 100 requests per hour, balancing legitimate data collection with site performance.

Free Traffic Analysis

What's Actually Crawling Your Website?

Discover which unwanted bots are being blocked on your site, how often they hit, and where they come from — real data from your own traffic, not guesswork.

🔍 Scan My Site Free

Powered by JA4 fingerprinting, honeypot traps & behavioral analysis

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the bots listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.