I have a CentOS 6 server that has misbehaved over the last couple of weeks. I have tried tracing the network and adjusting settings, and have asked a lot of clever people about it (see more in this question: Something is closing connections in my CentOS VMs - how to best troubleshoot?).
The issue has not been there the last 3-4 days so I was getting closer to perhaps believing that some of the adjustments had made a difference. But now it just happened twice within an hour. I started looking in logs. And I stumbled over this in the /var/log/nginx/access.log:
:
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
34.78.120.99 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
:
... and many more of them!
This occurred around both of the times that I saw the issue. Does anyone know if this is OK - or if not, what is the best way forward to block it?
Thanks!
/John
Edit
I reported it as suggested - and then blocked that IP address in my Nginx.
So today I checked again - and now I have a bunch of similar requests - just from another IP.
104.155.101.3 - - [18/Aug/2021:13:54:36 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:45 +0200] "GET / HTTP/1.1" 200 26314 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:45 +0200] "GET / HTTP/1.1" 200 26313 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26348 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26325 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:46 +0200] "GET / HTTP/1.1" 200 26280 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:48 +0200] "GET / HTTP/1.1" 200 26325 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:49 +0200] "GET / HTTP/1.1" 200 26280 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:02:49 +0200] "GET / HTTP/1.1" 200 26299 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:25 +0200] "GET / HTTP/1.1" 200 26298 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:25 +0200] "GET / HTTP/1.1" 200 26349 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:27 +0200] "GET / HTTP/1.1" 200 2379 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:27 +0200] "GET / HTTP/1.1" 200 26279 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:28 +0200] "GET / HTTP/1.1" 200 26349 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:29 +0200] "GET / HTTP/1.1" 200 26318 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:30 +0200] "GET / HTTP/1.1" 200 26348 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:30 +0200] "GET / HTTP/1.1" 200 26319 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
104.155.101.3 - - [18/Aug/2021:16:06:32 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
Should I be concerned about some of the new ones (with code 200)???
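An added example, not part of the original post: one way to summarise an access log in this format by client IP and user agent, so that same-second bursts and the share of 499 responses (nginx's status for a client that closed the connection before the response was sent) stand out regardless of which address they come from. The function name `find_bursts`, the threshold, and the sample lines (which use documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# nginx "combined" layout with one extra trailing quoted field, as in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+) "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines in the same shape as the log excerpt above.
SAMPLE = """\
203.0.113.7 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
203.0.113.7 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
203.0.113.7 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
203.0.113.7 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 499 0 "-" "python-requests/2.26.0" "-"
203.0.113.7 - - [13/Aug/2021:15:18:35 +0200] "GET / HTTP/1.1" 200 26314 "-" "python-requests/2.26.0" "-"
198.51.100.20 - - [13/Aug/2021:15:18:34 +0200] "GET / HTTP/1.1" 200 26314 "-" "Mozilla/5.0" "-"
198.51.100.20 - - [13/Aug/2021:15:19:02 +0200] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
"""

def find_bursts(lines, threshold=3):
    """Report clients that made at least `threshold` requests within one log second."""
    per_second = defaultdict(Counter)  # (ip, user agent) -> hits per timestamp
    statuses = defaultdict(Counter)    # (ip, user agent) -> hits per status code
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        key = (m["ip"], m["ua"])
        per_second[key][m["ts"]] += 1
        statuses[key][m["status"]] += 1
    report = {}
    for key, buckets in per_second.items():
        peak_ts, peak_hits = buckets.most_common(1)[0]
        if peak_hits >= threshold:
            report[key] = {
                "peak_second": peak_ts,
                "peak_hits": peak_hits,
                "total": sum(statuses[key].values()),
                "closed_499": statuses[key]["499"],
            }
    return report

if __name__ == "__main__":
    for (ip, ua), info in find_bursts(SAMPLE.splitlines()).items():
        print(ip, ua, info)
```

Grouping on the user agent as well as the IP keeps the pattern visible when the same client reappears from a different address, as in the edit above.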