Stange stream of HTTP GET requests in apache logs, from amazon ec2 instances
Posted
by
Alexandre Boeglin
on Server Fault
See other posts from Server Fault
or by Alexandre Boeglin
Published on 2013-06-12T16:17:44Z
Indexed on
2013/07/03
11:08 UTC
Read the original article
Hit count: 777
I just had a look at my apache logs, and I see a lot of very similar requests:
GET / HTTP/1.1
User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \
NSS/3.13.5.0 zlib/1.2.5 libidn/1.18 libssh2/1.2.2
Host: [my_domain].org
Accept: */*
- there's a steady stream of those, about 2 or 3 per minute;
- they all request the same domain and resource (there are slight variations in user agent version numbers);
- they come form a lot of different IPv4 and IPv6 addresses, in blocs that belong to amazon ec2 (in Singapore, Japan, Ireland and the USA).
I tried to look for an explanation online, or even just similar stories, but couldn't find any.
Has anyone got a clue as to what this is? It doesn't look malicious per say, but it's just annoying me, and I couldn't find any more information about it.
I first suspected it could be a bot checking if my server is still up, but:
- I don't remember subscribing to such a service;
- why would it need to check my site twice every minute;
- why doesn't it use a clearly identifying fqdn.
Or, should I send this question to amazon, via their abuse contact?
Thanks!
© Server Fault or respective owner