Resolved ssl_log question?

[Richard Follett]

can someone please explain these entries?

213.248.211.195 - - [28/May/2017:11:55:24 +0100] "\x15\x03\x03\x00\x02\x02(" 400 166 "-" "-"
213.248.211.193 - - [29/May/2017:03:14:29 +0100] "\x15\x03\x03\x00\x02\x02(" 400 166 "-" "-"

 

[Richard Follett]

also these in the access_log_processed:

47.203.93.185 - - [28/May/2017:23:49:08 +0100] "\x04\x01\x00P\xC0c\xF660\x00" 400 166 "-" "-"
47.203.93.185 - - [28/May/2017:23:49:08 +0100] "\x04\x01\x00P\xC0c\xF660\x00" 400 166 "-" "-"
47.203.93.185 - - [28/May/2017:23:49:09 +0100] "\x05\x01\x00" 400 166 "-" "-"

 

[Bitpalast]

This looks either like a wrong URL call (someone entered non-ASCII characters as a page name) or a hacking attempt by adding a certain URL encoded special character sequence to a URL.

Error code 400 "bad request" means that the data stream sent from a client was malformed. This can be a technical issue of the client or a deliberately sent request by someone who thinks that with a certain byte order he can compromise your server security.

Nothing to worry about, it's not an error on the system.

 

[Richard Follett]

Thanks Peter - I missed the 400 code.. cheers