AWS Network Health - bot spam?
I notice this recently in the apache logs:
"HEAD /favicon.ico HTTP/1.1" 301 - "-" "AWS Network Health / Contact abuse@amazonaws.com with your website URL to stop"
So over a few days I've seen 45k hits from 11k unique IP addresses and for the dozen or so IP checked, they all were AWS IPs addresses.
It's also just port :80 and no other traffic for the IPs I've check.
Any idea what this might be?
1 Reply
eruzanski
Linode Staff
It's not uncommon to encounter requests of this nature within your web server logs. In this specific instance, the log entry signifies a "HEAD" request directed at the "/favicon.ico" file, yielding a response code of 301. Notably, the reference to "abuse@amazonaws.com" appears to be genuine, dispelling my concerns of spoofing or malicious intent.
Nevertheless, given the substantial volume of requests you've described, it's understandable how this could rapidly inundate your logs and prove to be quite cumbersome. The observation of 45,000 hits originating from 11,000 distinct IP addresses, all linked to AWS, strongly suggests that these requests are stemming from automated systems or AWS health-check protocols.
Have you considered contacting the "abuse@amazonaws.com" email address with your website URL to request a cessation of this traffic? Since these requests seem to be authentic, engaging with AWS appears to be the most prudent course of action to mitigate any further requests.