Hacker News
Ask HN: Why would a botnet access my server like that?
2 points by guillaumec on Sept 13, 2016 | 5 comments
My website gets a lot of 'traffic' from seemingly random IPs, all requesting the same (broken) URL. It seems I have been targeted by a botnet, but I don't understand the goal of those requests: they are clearly not trying to attack, and not fast enough to be a DDoS.

I get on average one of those requests every couple of seconds. This has been going on for more than a year now. Any idea what those are?

Here is an example from my log (IP and server name redacted):

    xxx.xxx.xxx.xxx myserver.com - [13/Sep/2016:06:34:49 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"
    xxx.xxx.xxx.xxx myserver.com - [13/Sep/2016:06:35:10 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"



Some random requests from random IPs with fake user agents? Sounds more like running a webserver on the public internet than being targeted...


That's my point. This is clearly not an attack, so why would a botnet bother doing this?


Why do you think it's a botnet?


The fact that all the IPs are different.


This feels more like some company has some device or program running from all over the place, and for whatever reason got their DNS pointed at you. A botnet is generally used in an attack, not just creating random spam. Personally, I wouldn't worry about it. If you're really curious, I'd do two things:

First, look at where the IPs geolocate to. Do most of them come from a particular country or region? A particular ISP/AS? Maybe a particular type of ISP (e.g., mobile carrier)? Further, you might look at when these requests are made, how frequently they recur from the same IP, etc.

Second, do a packet capture and look at the full request. Maybe it'll have a hostname or telltale header, etc.
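
The per-IP recurrence and timing checks suggested in the last comment can be run directly over the access log. This is an added example, not part of the thread: it assumes the log layout of the two lines quoted in the question, and the sample lines, documentation-range IPs and `example.com` are constructed. Geolocation and AS lookups are left out because they need an external database.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from statistics import median

# Layout assumed from the two log lines quoted in the question:
# ip vhost - [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) (?P<vhost>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample data (documentation IP ranges, example.com), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 example.com - [13/Sep/2016:06:34:49 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"
198.51.100.7 example.com - [13/Sep/2016:06:34:51 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"
203.0.113.5 example.com - [13/Sep/2016:06:34:52 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.99 example.com - [13/Sep/2016:06:34:54 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"
192.0.2.10 example.com - [13/Sep/2016:06:35:10 +0200] "GET /invalid HTTP/1.1" 403 345 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

def profile(log_text, path):
    """Summarise who requests `path`: spread of sources, recurrence, pacing."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["path"] == path:  # unparseable lines are ignored
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits.append((ts, m["ip"], m["ua"]))
    hits.sort()
    per_ip = Counter(ip for _, ip, _ in hits)
    # Seconds between consecutive requests for this path, across all sources.
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
    hours = Counter(ts.astimezone(timezone.utc).hour for ts, _, _ in hits)
    return {
        "requests": len(hits),
        "distinct_ips": len(per_ip),
        "repeat_ips": sorted(ip for ip, n in per_ip.items() if n > 1),
        "median_gap_s": median(gaps) if gaps else None,
        "by_hour_utc": dict(hours),
        "user_agents": dict(Counter(ua for _, _, ua in hits)),
    }

if __name__ == "__main__":
    for key, value in profile(SAMPLE_LOG, "/invalid").items():
        print(f"{key}: {value}")
```

A flat `by_hour_utc` distribution with few repeat IPs points toward automated clients spread across time zones, while a strong daily cycle points toward devices that follow human activity.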



