400 Get Bad Request

Home Forums BulletProof Security Pro 400 Get Bad Request

Tagged: 

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #31305
    Mark
    Participant

    Every couple of hours I am getting a Security Log email. For some reason I am getting  a lot of  “400 Get Bad Requests”. An example would be:

    [400 GET Bad Request: November 2, 2016 9:19 pm]
    Event Code: The request could not be understood by the server due to malformed syntax.
    Solution: N/A - Malformed Request - Not an Attack
    REMOTE_ADDR: 187.7.197.152
    Host Name: 187-7-197-152.pvoce702.dsl.brasiltelecom.net.br
    SERVER_PROTOCOL: HTTP/1.0
    HTTP_CLIENT_IP:
    HTTP_FORWARDED:
    HTTP_X_FORWARDED_FOR:
    HTTP_X_CLUSTER_CLIENT_IP:
    REQUEST_METHOD: GET
    HTTP_REFERER:
    REQUEST_URI: /wp-login.php
    QUERY_STRING:
    HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

    What is the proper way of handling so many of these bad requests, there are about one every two or three minutes. Is there a way to turn off the email or reduce the frequency?

    #31306
    AITpro Admin
    Keymaster

    See this information about IP address:  187.7.197.152.  It is a known blacklisted IP.  http://www.abuseat.org/lookup.cgi?ip=187.7.197.152

    IP Address 187.7.197.152 is listed in the CBL. It shows signs of being infected with a spam sending trojan, malicious link or some other form of botnet.

    It was last detected at 2016-10-25 15:00 GMT (+/- 30 minutes), approximately 8 days, 6 hours, 30 minutes ago.

    This IP is infected with Hajime, Wopbot, Mirai or similar malware, primarily used for DDOS attacks via IoT devices. See Mirai: The IoT Bot That Took Down Krebs and Launched a Tbps DDoS Attack on OVH for more information.

    A 400 Bad Request is a malformed bad Request. Since the Request is malformed/bad it cannot hurt your website. Not sure what you mean about turning off emails or reducing the frequency of emails? Which emails/email setting are you referring to?

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.