on Server Fault
See other posts from Server Fault
or by Alexandre Boeglin
Published on 2013-06-12T16:17:44Z Indexed on 2013/07/03 11:08 UTC
Read the original article Hit count: 349
I just had a look at my apache logs, and I see a lot of very similar requests:
GET / HTTP/1.1 User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \ NSS/188.8.131.52 zlib/1.2.5 libidn/1.18 libssh2/1.2.2 Host: [my_domain].org Accept: */*
- there's a steady stream of those, about 2 or 3 per minute;
- they all request the same domain and resource (there are slight variations in user agent version numbers);
- they come form a lot of different IPv4 and IPv6 addresses, in blocs that belong to amazon ec2 (in Singapore, Japan, Ireland and the USA).
I tried to look for an explanation online, or even just similar stories, but couldn't find any.
Has anyone got a clue as to what this is? It doesn't look malicious per say, but it's just annoying me, and I couldn't find any more information about it.
I first suspected it could be a bot checking if my server is still up, but:
- I don't remember subscribing to such a service;
- why would it need to check my site twice every minute;
- why doesn't it use a clearly identifying fqdn.
Or, should I send this question to amazon, via their abuse contact?
© Server Fault or respective owner