I have created an Amazon EC2 instance and I am hosting a Flask server (the public IP of the server is known only to another server; it is not meant to be used by clients but only by another computer).
For some reason, I am receiving weird network activity:
From the logs:
162.142.125.10 - - [18/Apr/2022 19:45:39] "GET / HTTP/1.1" 200 -
118.123.105.85 - - [18/Apr/2022 20:06:30] "GET / HTTP/1.0" 200 -
198.235.24.20 - - [18/Apr/2022 22:37:16] "GET / HTTP/1.1" 200 -
128.14.209.250 - - [19/Apr/2022 01:24:07] "GET / HTTP/1.1" 200 -
128.14.209.250 - - [19/Apr/2022 01:24:15] code 400, message Bad request version ('À\x14À')
128.14.209.250 - - [19/Apr/2022 07:05:32] "▬♥☺ ±☺ ♥♥Ýfé$0±6nu♀¤♫ëe éSV∟É#☼ß↨♠\ VÀ◄ÀÀ‼À À¶À" HTTPStatus.BAD_REQUEST -
I have looked up all these IPs and they are across the globe.
Why am I getting these kinds of requests? What are they probably trying to achieve?
[EDIT]
162.142.125.10 -> https://about.censys.io/
118.123.105.85 -> ChinaNet Sichuan Province Network
198.235.24.20 -> Palo Alto Networks Inc
128.14.209.250 -> zl-dal-us-gp1-wk123.internet-census.org
CodePudding user response:
As others said, it's common that bots and (ethical?) hackers around the world scan your machine if it's on a public network.
Your assumption that "the public ip of the server is known only to another server" simply isn't true. If you want to achieve that, you should place your server inside a private VPC subnet and/or allow the traffic only from the specific server via Security Group configuration.
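An added example (not part of the original answer): a small Python triage script for Werkzeug log lines like those in the question. It flags sources outside an allowlist and recognises a TLS handshake sent to the plain-HTTP port (the `▬♥☺` prefix is the bytes 0x16 0x03 0x01 shown as CP437 glyphs). The allowlisted peer 203.0.113.7 and the function names are assumptions; the third sample line is shortened from the question's log and the last one is constructed.

```python
import ipaddress
import re

# Assumption: the single peer that should ever reach this server (TEST-NET-3 placeholder).
ALLOWED = [ipaddress.ip_network("203.0.113.7/32")]

# Two Werkzeug log shapes seen in the question: a quoted request line with a
# status, or a bare 'code NNN, message ...' error line.
LINE = re.compile(
    r'^(?P<ip>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'(?:"(?P<req>.*)" (?P<status>\S+) -|code (?P<code>\d+), message (?P<msg>.*))$')
HTTP_REQ = re.compile(r'^[A-Z]+ \S+ HTTP/\d\.\d$')
# A TLS record starts with 0x16 0x03; logs may show it raw, escaped, or as CP437 glyphs.
TLS_PREFIXES = ("\x16\x03", "\\x16\\x03", "▬♥")

def classify(line):
    """Return source IP, request kind and allowlist status for one log line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ip = ipaddress.ip_address(m["ip"])
    kind = "malformed"  # error lines and anything that is not a clean request line
    if m["req"] is not None:
        if m["req"].startswith(TLS_PREFIXES):
            kind = "tls-on-plain-http"
        elif HTTP_REQ.match(m["req"]):
            kind = "http"
    return {"ip": str(ip), "kind": kind,
            "allowed": any(ip in net for net in ALLOWED)}

def unexpected_sources(lines):
    """Count entries per request kind for every source IP outside ALLOWED."""
    counts = {}
    for line in lines:
        r = classify(line)
        if r and not r["allowed"]:
            per_ip = counts.setdefault(r["ip"], {})
            per_ip[r["kind"]] = per_ip.get(r["kind"], 0) + 1
    return counts

SAMPLE = [
    '162.142.125.10 - - [18/Apr/2022 19:45:39] "GET / HTTP/1.1" 200 -',
    r"128.14.209.250 - - [19/Apr/2022 01:24:15] code 400, message Bad request version ('À\x14À')",
    '128.14.209.250 - - [19/Apr/2022 07:05:32] "▬♥☺ ±☺ ♥♥Ýfé" HTTPStatus.BAD_REQUEST -',
    '203.0.113.7 - - [19/Apr/2022 08:00:00] "GET / HTTP/1.1" 200 -',  # constructed
]

if __name__ == "__main__":
    print(unexpected_sources(SAMPLE))
```

Any address this reports is traffic that a Security Group rule limited to the peer's IP would have dropped before it reached Flask.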