 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
18 messages in ru.sysoev.nginxRe: Recently seeing a bunch of 400s| From | Sent On | Attachments |
|---|---|---|
| Neil Sheth | Dec 2, 2008 8:24 pm | |
| Dave Cheney | Dec 2, 2008 8:40 pm | |
| Neil Sheth | Dec 2, 2008 8:48 pm | |
| Dave Cheney | Dec 2, 2008 9:21 pm | |
| Neil Sheth | Dec 2, 2008 9:23 pm | |
| Neil Sheth | Dec 2, 2008 9:30 pm | |
| Dave Cheney | Dec 2, 2008 9:33 pm | |
| Neil Sheth | Dec 2, 2008 9:37 pm | |
| Neil Sheth | Dec 2, 2008 9:48 pm | |
| Neil Sheth | Dec 2, 2008 9:48 pm | |
| Dave Cheney | Dec 3, 2008 1:27 am | |
| Arvind Jayaprakash | Dec 3, 2008 9:17 am | |
| Neil Sheth | Dec 11, 2008 3:31 pm | |
| Dave Cheney | Dec 11, 2008 7:17 pm | |
| Neil Sheth | Dec 15, 2008 6:05 pm | |
| Dave Cheney | Dec 15, 2008 10:55 pm | |
| Igor Sysoev | Dec 16, 2008 12:30 am | |
| Dave Cheney | Dec 16, 2008 12:56 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: Recently seeing a bunch of 400s | Actions... |
|---|---|---|
| From: | Neil Sheth (nsh...@gmail.com) | |
| Date: | Dec 2, 2008 8:48:47 pm | |
| List: | ru.sysoev.nginx | |
We're seeing a complaint from a user, pretty sure they aren't up to anything nefarious!
On Tue, Dec 2, 2008 at 8:41 PM, Dave Cheney <da...@cheney.net> wrote:
They are most likely bots probing port 80 on your server, then closing the connection without sending a request.
Whois and host suggest that those are home ip's on cable modems. You could try running P0f or tcpdumping the traffic to see what they are doing.
Cheers
Dave
On Tue, 2 Dec 2008 20:25:01 -0800, Neil Sheth <nsh...@gmail.com> wrote:
Hello,
I'm seeing a bunch of entries like the following in my nginx access log:
88.147.21.24 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-" 72.14.204.136 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-" 88.147.21.24 - - [02/Dec/2008:04:16:46 -0600] "-" 400 0 "-" "-" 88.147.21.24 - - [02/Dec/2008:04:16:48 -0600] "-" 400 0 "-" "-" 88.147.21.24 - - [02/Dec/2008:04:16:51 -0600] "-" 400 0 "-" "-" 72.39.110.147 - - [02/Dec/2008:04:16:53 -0600] "-" 400 0 "-" "-" 88.147.21.24 - - [02/Dec/2008:04:16:54 -0600] "-" 400 0 "-" "-" 67.165.72.106 - - [02/Dec/2008:04:16:56 -0600] "-" 400 0 "-" "-" 88.147.21.24 - - [02/Dec/2008:04:16:57 -0600] "-" 400 0 "-" "-" 82.37.232.219 - - [02/Dec/2008:04:17:00 -0600] "-" 400 0 "-" "-" 220.255.7.179 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-" 220.255.7.218 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-" 72.21.243.194 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-" 220.255.7.141 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-" 220.255.7.162 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-" 220.255.7.184 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-"
and so on . . .
I'm running 0.6.32. A bit of a loss as to where to start looking - any suggestions?
Thanks!