Is this an attack or a normal request?
Anderson dos Santos Donda
andersondonda at gmail.com
Mon Aug 24 11:22:50 UTC 2020
Hello everyone,
I’m new in the webserver world, and I have a very basic knowledge about
Nginx, so I want apologize in advance if I'm making a stupid question.
I have a very basic webserver hosting a WordPress webpage and in the past 3
days I have receiving thousands of below request:
5.122.236.249 - - [24/Aug/2020:12:30:41 +0200]
"\x1E\x80\xEBol\xDF\x86z\x84\xA4A^\xAF;\xA1\x98\x1B\x0E\xB7\x88\xD3h\x8FyW\xE4\x0F=.\x15\xF7f:9\xF7\xC3\xBB\xB1}n\xA5\x88\x8B\xE7\xF4\x5C\x80\x98=\xE2X\xC8\xD4\x1Bv/\xDC3yAI\xEE\xE6\xFA\xB1\xF3\x90]\x9EG\xFD\x9B\xAB\x9B:\xA7q\x82*\xE1:\x1A
5.122.236.249 - - [24/Aug/2020:12:30:41 +0200] "P\xCE
\x9C\xA9\xB6pS\xD6#1\x84\x22\xB0s\xB8\xAA\x09\x06Ex\xDD\x88\x11\xFC\x0E\xDB\x04\x18~*\xE7h\xD2H\xD422\x83,\xB3u\xDF|\xED\x8BP\x9Box\xA4\x042\xFBz\xAAh\xF9\x14^\x96\xDD\x1D\xF6\xDD*\xF4"
400 173 "-" "-”
This comes from a hundred of different IPs and in many requests at same
time.
Is this kind of DDOS attack or a legitimate request(which my server returns
400 for them)?
If is an attack, has a specific name that I can search and try to
understand it better and mitigate it?
Thank so much for the help.
Best Regards,
Donda
--
Att.
Anderson Donda
*" **Mar calmo não cria bom marinheiro, muito menos bom capitão.**"*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20200824/38f0d666/attachment.htm>
More information about the nginx
mailing list