I am seeing almost 3000 entries in access_log of my VPS for 408 status code.
Here is an example.
86.220.66.228 - - [03/Apr/2016:08:39:12 -0400] "GET /?p=444 HTTP/1.1" 200 5748 "-""Mozilla/5.0 (Windows NT 10.0; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0"86.220.66.228 - - [03/Apr/2016:08:40:09 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:41:02 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:41:55 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:42:48 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:43:41 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:44:33 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:45:25 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:46:19 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:47:13 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:48:05 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:48:59 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:49:51 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:50:44 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:51:36 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:52:27 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:54:35 -0400] "-" 408 0 "-""-"86.220.66.228 - - [03/Apr/2016:08:55:26 -0400] "-" 408 0 "-""-"Most of the time, the IPs that cause 408 error, first connect to a page on my server successfully and then generates 408 code with a specific interval, as seen above log.
And most of the IPs originate from a web server with strange domains:
nslookup 86.220.66.228Non-authoritative answer:228.66.220.86.in-addr.arpa name = ACaen-653-1-95-228.w86-220.abo.wanadoo.fr.Those 3000 entries are generated by around 180 different IPs, mostly again by the servers, not normal user IPs.
Do you think this is done by malicious reasons or is there something misconfigured on my server?
