Is this an attack or a normal request?

Anderson dos Santos Donda andersondonda at
Mon Aug 24 11:22:50 UTC 2020

Hello everyone,

I’m new in the webserver world, and I have a very basic knowledge about
Nginx, so I want apologize in advance if I'm making a stupid question.

I have a very basic webserver hosting a WordPress webpage and in the past 3
days I have receiving thousands of below request: - - [24/Aug/2020:12:30:41 +0200]
"\x1E\x80\xEBol\xDF\x86z\x84\xA4A^\xAF;\xA1\x98\x1B\x0E\xB7\x88\xD3h\x8FyW\xE4\x0F=.\x15\xF7f:9\xF7\xC3\xBB\xB1}n\xA5\x88\x8B\xE7\xF4\x5C\x80\x98=\xE2X\xC8\xD4\x1Bv/\xDC3yAI\xEE\xE6\xFA\xB1\xF3\x90]\x9EG\xFD\x9B\xAB\x9B:\xA7q\x82*\xE1:\x1A - - [24/Aug/2020:12:30:41 +0200] "P\xCE
400 173 "-" "-”

This comes from a hundred of different IPs and in many requests at same

Is this kind of DDOS attack or a legitimate request(which my server returns
400 for them)?

If is an attack, has a specific name that I can search and try to
understand it better and mitigate it?

Thank so much for the help.

Best Regards,

Anderson Donda

*" **Mar calmo não cria bom marinheiro, muito menos bom capitão.**"*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list