Recently seeing a bunch of 400s
Dave Cheney
dave at cheney.net
Wed Dec 3 07:41:16 MSK 2008
They are most likely bots probing port 80 on your server, then closing the
connection without sending a request.
Whois and host suggest that those are home ip's on cable modems. You could
try running P0f or tcpdumping the traffic to see what they are doing.
Cheers
Dave
On Tue, 2 Dec 2008 20:25:01 -0800, Neil Sheth <nsheth at gmail.com> wrote:
> Hello,
>
> I'm seeing a bunch of entries like the following in my nginx access log:
>
> 88.147.21.24 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-"
> 72.14.204.136 - - [02/Dec/2008:04:16:43 -0600] "-" 400 0 "-" "-"
> 88.147.21.24 - - [02/Dec/2008:04:16:46 -0600] "-" 400 0 "-" "-"
> 88.147.21.24 - - [02/Dec/2008:04:16:48 -0600] "-" 400 0 "-" "-"
> 88.147.21.24 - - [02/Dec/2008:04:16:51 -0600] "-" 400 0 "-" "-"
> 72.39.110.147 - - [02/Dec/2008:04:16:53 -0600] "-" 400 0 "-" "-"
> 88.147.21.24 - - [02/Dec/2008:04:16:54 -0600] "-" 400 0 "-" "-"
> 67.165.72.106 - - [02/Dec/2008:04:16:56 -0600] "-" 400 0 "-" "-"
> 88.147.21.24 - - [02/Dec/2008:04:16:57 -0600] "-" 400 0 "-" "-"
> 82.37.232.219 - - [02/Dec/2008:04:17:00 -0600] "-" 400 0 "-" "-"
> 220.255.7.179 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-"
> 220.255.7.218 - - [02/Dec/2008:04:17:39 -0600] "-" 400 0 "-" "-"
> 72.21.243.194 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-"
> 220.255.7.141 - - [02/Dec/2008:04:17:41 -0600] "-" 400 0 "-" "-"
> 220.255.7.162 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-"
> 220.255.7.184 - - [02/Dec/2008:04:17:42 -0600] "-" 400 0 "-" "-"
>
> and so on . . .
>
> I'm running 0.6.32. A bit of a loss as to where to start looking -
> any suggestions?
>
> Thanks!
More information about the nginx
mailing list