API being spammed with junk requests [closed]

I am getting a huge amount of junk in my log for a Flask API. It looks like a bunch of bad requests are being sent and I have no idea where they are coming from. The same code is deployed to two other test environments and the problem does not exist there. It doesn’t affect the process at all, but it makes the log very hard to read. The requests come in on the same second of every minute. Does this look familiar to anyone? I have no idea how to even begin troubleshooting. The API is deployed on a Unix server.

This is what the log looks like:

17/11/2023 14:10:48|ERROR|10.47.29.62 - - [17/Nov/2023 14:10:48] code 400, message Bad request syntax ("\x16\x03\x03\x01\x89\x01\x00\x01\x85\x03\x03\x89ªÔ)\x88Ī¾\x03\x99Ao\x97ðaçna\x1b¼\x99á\x1f\x13\x1cµ\x05Ú\x0e.Ý® «\x88Á\x10ü-GÙÙs\x05l\x8aÌ|Àº{\x134pZÁàt]ÅEj5kÕ\x00H\x13\x02\x13\x01\x13\x03À,À+Ì©À0̨À/\x00\x9f̪\x00£\x00\x9e\x00¢À$À(À#À'\x00k\x00j\x00g\x00@À")|
17/11/2023 14:10:48|INFO|10.47.29.62 - - [17/Nov/2023 14:10:48] " ªÔ)Ī¾Aoðaçna¼áµÚ.Ý® «Áü-GÙÙslÌ|Àº{4pZÁàt]ÅEj5kÕ HÀ,À+Ì©À0̨À/ ̪ £  ¢À$À(À#À' k j g @À" HTTPStatus.BAD_REQUEST -|
17/11/2023 14:11:48|ERROR|10.47.29.62 - - [17/Nov/2023 14:11:48] code 400, message Bad request syntax ('\x16\x03\x03\x01\x89\x01\x00\x01\x85\x03\x03¦\x95\x83\x98J;^\x1f?Ø\x14fi>\x00\tⶠHøÅ\x93_\x9b\x19UÏ\x1c3\x0fÿ û)ÝL¼"\x1erÑ\x13\x84ÈþÂLH¨>¾ù\x87ØbjBZslÁc.Ý\x00H\x13\x02\x13\x01\x13\x03À,À+Ì©À0̨À/\x00\x9f̪\x00£\x00\x9e\x00¢À$À(À#À\'\x00k\x00j\x00g\x00@À')|
17/11/2023 14:11:48|INFO|10.47.29.62 - - [17/Nov/2023 14:11:48] " ¦J;^?Øfi>     ⶠHøÅ_UÏ3ÿ û)ÝL¼"rÑÈþÂLH¨>¾ùØbjBZslÁc.Ý HÀ,À+Ì©À0̨À/ ̪ £  ¢À$À(À#À' k j g @À" HTTPStatus.BAD_REQUEST -|

  • 1

    Welcome to the internet. Random unknown IPs will be abusing your listening ports in every way possible. We hope you have a pleasant stay.

    – 

  • 1

    As soon as you expose anything to the public Internet, you will be hit by a barrage of bots trying to break in. That is why we have firewalls, IDS, IPS, and many other security tools.

    – 

  • It’s a company-internal server, but it looks like they are present (although intermittent) in our lower test environments. That should give us some clues as to where they are coming from. Looks like they are meant for a UI. Will probably delete this question as it’s probably too vague.

    – 

  • More than anything it’s off topic because it’s not about programming. Good luck on your investigation

    – 

  • 1

    First, your question rather belongs on serverfault.com. The requests come from internal IP addresses. You mentioned “lower test environment”. You should check the software that runs on hosts in this environment. It may be misconfigured and sending some data to the listening port of your Flask server.

    – 
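The escaped payload in the question's log can be classified mechanically: `\x16\x03\x03` is a TLS handshake record header and the sixth byte `\x01` marks a ClientHello, meaning a client is attempting HTTPS against the plain-HTTP port. The script below is an added example, not part of the original question or comments; it groups such lines by source IP and second-of-minute. Its sample lines are constructed (shortened) from the log format shown in the question, and the third line with IP 10.47.29.70 is invented for contrast.

```python
import re
from collections import Counter

# Constructed sample lines, shortened from the log format shown in the question.
SAMPLE_LOG = r'''
17/11/2023 14:10:48|ERROR|10.47.29.62 - - [17/Nov/2023 14:10:48] code 400, message Bad request syntax ("\x16\x03\x03\x01\x89\x01\x00\x01\x85\x03\x03\x89")|
17/11/2023 14:11:48|ERROR|10.47.29.62 - - [17/Nov/2023 14:11:48] code 400, message Bad request syntax ('\x16\x03\x03\x01\x89\x01\x00\x01\x85\x03\x03')|
17/11/2023 14:12:05|ERROR|10.47.29.70 - - [17/Nov/2023 14:12:05] code 400, message Bad request syntax ('HELLO')|
'''

LINE_RE = re.compile(
    r'\|ERROR\|(?P<ip>\S+) - - \[[^\]]*:(?P<sec>\d\d)\] code 400, '
    r'message Bad request syntax \([\'"](?P<payload>.*)[\'"]\)\|')
ESC = re.compile(r'\\(?:x([0-9a-fA-F]{2})|([tnr\\\'"]))')
SIMPLE = {'t': 9, 'n': 10, 'r': 13, '\\': 92, "'": 39, '"': 34}

def leading_bytes(payload, n=6):
    # Decode the first n bytes of a repr()-style payload: escapes or literal chars.
    out, i = bytearray(), 0
    while i < len(payload) and len(out) < n:
        m = ESC.match(payload, i)
        if m:
            out.append(int(m.group(1), 16) if m.group(1) else SIMPLE[m.group(2)])
            i = m.end()
        else:
            out.append(ord(payload[i]) & 0xFF)  # lossy for chars above U+00FF
            i += 1
    return bytes(out)

def is_tls_client_hello(b):
    # TLS record header: type 0x16 (handshake), version major 0x03, 2-byte length;
    # the first handshake byte 0x01 is ClientHello.
    return len(b) >= 6 and b[0] == 0x16 and b[1] == 0x03 and b[5] == 0x01

def summarize(log_text):
    # Count TLS ClientHellos per (source IP, second-of-minute); list other bad requests.
    tls, other = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if is_tls_client_hello(leading_bytes(m['payload'])):
            tls[(m['ip'], m['sec'])] += 1
        else:
            other.append((m['ip'], m['payload'][:20]))
    return tls, other

if __name__ == '__main__':
    print(summarize(SAMPLE_LOG))
```

A single source IP whose ClientHellos all land on the same second suggests a scheduled probe, such as a monitor or health check configured with `https://` for a port that only speaks HTTP.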
