Significant number of non-HTTP requests hitting my site
Posted by Mark Westling on Pro Webmasters
Published on 2011-01-09T19:29:15Z
Tags: nginx, web-security
I'm seeing a significant number of non-HTTP requests hitting a site I just launched. They show up in the server (nginx) logs as non-ASCII and get rejected (correctly) with a 400 status. Here are some lines from the log:
95.132.198.189 - - [09/Jan/2011:13:53:30 -0500] "œ$A\x10õœ²É9J" 400 173 "-" "-"
79.100.145.126 - - [09/Jan/2011:13:57:42 -0500] "#§i²¸oYi Ṅ\x13VJ—x·—œ\x04N \x1DÔvbÛè½\x10§¬\x1E0œ_^¼+\x09ÜÅ\x08DÌÃiJeT€¿æ]œr\x1EëîyIÐ/ßýúê5Ǹ" 400 173 "-" "-"
79.100.145.126 - - [09/Jan/2011:13:58:33 -0500] "¯Ú%ø=Œ›D@\x12¼\x1C†ÄÀe\x015mˆàd˜Û%pÛÿ" 400 173 "-" "-"
What should I make of this? Is this some sort of scripted attack? Or could these be correct requests that have somehow been garbled?
They're not affecting the performance of the site and I'm not seeing any other signs of attacks (e.g., no strange POSTs) so at this point I'm more curious than afraid.
© Pro Webmasters or respective owner
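An added example, not part of the original post: one way to triage entries like the ones quoted in the question is to label each request field as a well-formed HTTP request line, a TLS record sent to a plain-HTTP port (first bytes 0x16 0x03), or other binary data, and count the labels per source address. The TLS check goes beyond what the post shows, and the last two sample lines (documentation addresses) are constructed for this example; the first two are taken from the log excerpt in the question.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" log format:
#   ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(.*)" (\d{3}) \S+ "[^"]*" "[^"]*"$')
HTTP_RE = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
ESCAPE_RE = re.compile(r'\\x([0-9A-Fa-f]{2})')  # nginx writes control bytes as \xHH

def classify(request):
    """Label the quoted request field of one access-log entry."""
    raw = ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), request)
    if HTTP_RE.match(raw):
        return "http"
    # A TLS record starts with content type 0x16 (handshake) and major version 0x03.
    if raw.startswith("\x16\x03"):
        return "tls-on-plain-port"
    return "binary"

def summarize(lines):
    """Return {source_ip: Counter of labels}; lines that do not parse are skipped."""
    per_ip = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ip, request, _status = m.groups()
            per_ip[ip][classify(request)] += 1
    return per_ip

SAMPLE = [
    # From the question's log excerpt:
    r'95.132.198.189 - - [09/Jan/2011:13:53:30 -0500] "œ$A\x10õœ²É9J" 400 173 "-" "-"',
    r'79.100.145.126 - - [09/Jan/2011:13:58:33 -0500] "¯Ú%ø=Œ›D@\x12¼\x1C†ÄÀe\x015mˆàd˜Û%pÛÿ" 400 173 "-" "-"',
    # Constructed for this example:
    r'198.51.100.7 - - [09/Jan/2011:14:02:11 -0500] "\x16\x03\x01\x00\x8A\x01\x00\x00\x86\x03\x01" 400 173 "-" "-"',
    r'203.0.113.5 - - [09/Jan/2011:14:03:00 -0500] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, kinds in summarize(SAMPLE).items():
        print(ip, dict(kinds))
```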