Hi Team,
For the last 3 days my Tomcat access logs have been increasing a lot, like 5 GB / day.
Most lines are like:
10.66.66.10 - - [24/Jan/2020:09:24:40 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 11757
10.66.66.10 - - [24/Jan/2020:09:24:41 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 17476
10.66.66.10 - - [24/Jan/2020:09:24:42 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 18255
10.66.66.10 - - [24/Jan/2020:09:24:45 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 349
10.66.66.10 - - [24/Jan/2020:09:24:46 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 827
10.66.66.10 - - [24/Jan/2020:09:24:52 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 827
10.66.66.10 - - [24/Jan/2020:09:24:55 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 162
10.66.66.10 - - [24/Jan/2020:09:24:55 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 162
10.66.66.10 - - [24/Jan/2020:09:24:55 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 36032
10.66.66.10 - - [24/Jan/2020:09:24:59 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 17477
10.66.66.10 - - [24/Jan/2020:09:25:00 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 18257
10.66.66.10 - - [24/Jan/2020:09:25:13 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 12701
10.66.66.10 - - [24/Jan/2020:09:25:15 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 17902
10.66.66.10 - - [24/Jan/2020:09:25:15 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 19608
10.66.66.10 - - [24/Jan/2020:09:25:17 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 12488
10.66.66.10 - - [24/Jan/2020:09:25:20 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 14528
10.66.66.10 - - [24/Jan/2020:09:25:21 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 23888
10.66.66.10 - - [24/Jan/2020:09:25:27 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 877
10.66.66.10 - - [24/Jan/2020:09:25:29 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 12276
10.66.66.10 - - [24/Jan/2020:09:25:35 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 18395
10.66.66.10 - - [24/Jan/2020:09:25:36 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 558
10.66.66.10 - - [24/Jan/2020:09:25:37 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 7705
10.66.66.10 - - [24/Jan/2020:09:26:30 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 6715
10.66.66.10 - - [24/Jan/2020:09:26:31 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 3564
10.66.66.10 - - [24/Jan/2020:09:26:33 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 5236
10.66.66.10 - - [24/Jan/2020:09:26:42 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 178
10.66.66.10 - - [24/Jan/2020:09:26:46 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 231
10.66.66.10 - - [24/Jan/2020:09:26:48 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 179
10.66.66.10 - - [24/Jan/2020:09:26:55 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 231
10.66.66.10 - - [24/Jan/2020:09:26:58 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 259
10.66.66.10 - - [24/Jan/2020:09:26:59 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 8036
10.66.66.10 - - [24/Jan/2020:09:27:31 +0200] "POST /app/HEARTBEAT/?v-uiId=0 HTTP/1.1" 200 -
10.66.66.10 - - [24/Jan/2020:09:29:09 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 4461
10.66.66.10 - - [24/Jan/2020:09:29:16 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 183
10.66.66.10 - - [24/Jan/2020:09:29:34 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 235
10.66.66.10 - - [24/Jan/2020:09:29:36 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 182
10.66.66.10 - - [24/Jan/2020:09:29:43 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 235
10.66.66.10 - - [24/Jan/2020:09:30:32 +0200] "POST /app/HEARTBEAT/?v-uiId=0 HTTP/1.1" 200 -
10.66.66.10 - - [24/Jan/2020:09:30:51 +0200] "POST /app/HEARTBEAT/?v-uiId=1 HTTP/1.1" 200 -
10.66.66.10 - - [24/Jan/2020:09:31:01 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 266
10.66.66.10 - - [24/Jan/2020:09:31:01 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 8147
10.66.66.10 - - [24/Jan/2020:09:31:08 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 4461
10.66.66.10 - - [24/Jan/2020:09:31:12 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 183
10.66.66.10 - - [24/Jan/2020:09:31:17 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 235
10.66.66.10 - - [24/Jan/2020:09:31:19 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 182
10.66.66.10 - - [24/Jan/2020:09:31:23 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 235
10.66.66.10 - - [24/Jan/2020:09:31:26 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 266
10.66.66.10 - - [24/Jan/2020:09:31:26 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 8228
10.66.66.10 - - [24/Jan/2020:09:31:39 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 8117
10.66.66.10 is my reverse proxy IP so I don’t know the real IP.
Is this some kind of attack?
What course of action do you recommend?
Thanks
George
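
A triage sketch for the question above, added here as an example and not part of the original post: it parses access-log lines in the format shown and reports request rate, endpoint mix, distinct client addresses and the log growth that rate would produce over 24 hours. The names `parse` and `summarize` are the example's own, and the sample is six lines taken from the post.

```python
import re
from collections import Counter
from datetime import datetime

# Access-log line layout as shown in the post; straight or typographic quotes accepted.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] ["“](\S+) (\S+) [^"”]*["”] (\d{3}) (\d+|-)$')

# Six lines taken from the post (quotes normalised to the straight quotes Tomcat writes).
SAMPLE = [
    '10.66.66.10 - - [24/Jan/2020:09:24:40 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 11757',
    '10.66.66.10 - - [24/Jan/2020:09:24:41 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 17476',
    '10.66.66.10 - - [24/Jan/2020:09:24:42 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 18255',
    '10.66.66.10 - - [24/Jan/2020:09:24:45 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 349',
    '10.66.66.10 - - [24/Jan/2020:09:27:31 +0200] "POST /app/HEARTBEAT/?v-uiId=0 HTTP/1.1" 200 -',
    '10.66.66.10 - - [24/Jan/2020:09:29:09 +0200] "POST /app/UIDL/?v-uiId=0 HTTP/1.1" 200 4461',
]

def parse(line):
    """Return one parsed request as a dict, or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ip, ts, method, uri, status, size = m.groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
            "method": method, "path": uri.split("?", 1)[0], "status": int(status),
            "bytes": 0 if size == "-" else int(size),
            "raw_len": len(line.strip().encode()) + 1}  # +1 for the newline

def summarize(lines):
    """Request rate, endpoint mix and projected access-log growth for the given lines."""
    rows = [r for r in map(parse, lines) if r]
    if not rows:
        return None
    times = [r["time"] for r in rows]
    span = (max(times) - min(times)).total_seconds() or 1.0
    per_minute = Counter(t.strftime("%H:%M") for t in times)
    return {
        "requests": len(rows),
        "clients": sorted({r["ip"] for r in rows}),  # one entry = only the proxy is logged
        "by_path": Counter(r["path"] for r in rows),
        "peak_minute": per_minute.most_common(1)[0],
        "req_per_sec": len(rows) / span,
        # Log growth if the observed rate held for 24 h, to compare with the real growth.
        "log_mb_per_day": sum(r["raw_len"] for r in rows) / span * 86400 / 1e6,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

Run it over the full log file rather than an excerpt, since the projected growth only means something when it covers the busy periods. A single address under `clients` confirms that only the proxy is being logged, so the originating address has to come from the reverse proxy's own logs or from a forwarded-address header recorded in the access log.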