[mailop] Barracuda ESS is mass-accessing websites on my server, why?

Kevin A. McGrail via mailop Wed, 01 Apr 2020 13:26:12 -0700

Anyone from Barracuda on the list or have a contact?

I have a screenshot and logs showing a lot of concurrent accesses from
209.222.82.X which appears to be IPs for ess barracuda.  I'd normally
call it a DOS attack.  Looks like robots gone bad but they aren't using
a proper robot tag or honoring the robots.txt crawl-delay either:


209.222.82.234 - - [01/Apr/2020:14:37:25 -0400] "GET / HTTP/1.0" 200
11771 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.234.236551585766180153"
209.222.82.235 - - [01/Apr/2020:14:43:30 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.235.236671585766183863"
209.222.82.229 - - [01/Apr/2020:14:45:00 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.229.23733158576618728"
209.222.82.232 - - [01/Apr/2020:14:45:01 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.232.23651158576618449"
209.222.82.235 - - [01/Apr/2020:14:45:08 -0400] "GET / HTTP/1.0" 200
11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.235.123711585766184763"
209.222.82.235 - - [01/Apr/2020:14:45:09 -0400] "GET / HTTP/1.0" 200
11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.235.123691585766185460"
209.222.82.235 - - [01/Apr/2020:14:45:15 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.235.123721585766186775"
209.222.82.230 - - [01/Apr/2020:14:45:16 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.230.237121585766186232"
209.222.82.229 - - [01/Apr/2020:14:45:16 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.229.236641585766185777"
209.222.82.228 - - [01/Apr/2020:14:45:17 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.228.23666158576618427"
209.222.82.228 - - [01/Apr/2020:14:45:17 -0400] "GET / HTTP/1.0" 200
11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.228.236531585766184100"
209.222.82.231 - - [01/Apr/2020:14:45:19 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.231.236571585766184178"
209.222.82.232 - - [01/Apr/2020:14:45:21 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.232.237341585766187267"
209.222.82.229 - - [01/Apr/2020:14:45:21 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.229.123701585766184123"
209.222.82.235 - - [01/Apr/2020:14:45:23 -0400] "GET / HTTP/1.0" 200
11680 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.235.237601585766188315"
209.222.82.231 - - [01/Apr/2020:14:45:23 -0400] "GET / HTTP/1.0" 200
8899 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WO
W64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.231.237591585766188286"
209.222.82.230 - - [01/Apr/2020:16:03:21 -0400] "GET / HTTP/1.0" 200
11771 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; W
OW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET
CLR 3.0.30729)" "209.222.82.230.8481585771256694"

Regards,

KAM

-- 
*Kevin A. McGrail*
CEO Emeritus

Peregrine Computer Consultants Corporation
10311 Cascade Lane
Fairfax, VA 22032

http://www.pccc.com/

703-359-9700 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
kmcgr...@pccc.com <mailto:kmcgr...@pccc.com>

https://www.linkedin.com/in/kmcgrail

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Barracuda ESS is mass-accessing websites on my server, why?

Reply via email to