0

I am getting these in my Apache Access log

ip-XXX-XXX-XXX-XXX.ec2.internal:80 198.58.103.115 - - [19/Nov/2015:14:39:37 +0530] "GET /feed HTTP/1.1" 302 595 "-" "Superfeedr bot/2.0 http://superfeedr.com - Make your feeds realtime: get in touch - feed-id:XXXXXXXXX"

I don't understand why it is showing my server private IP rather than its public IP. How did they find it? And how can they make request to it considering it is not world accessible.

  • 1
    is your instance in a VPC? what is your SG for this instance? – tedder42 Nov 19 '15 at 12:31
  • 1
    Hum. I run Superfeedr... We 'found' your feed because one of our customers supplied us this URL for us to fetch. Do you mind sharing the feed-id? I could be more precise with that info! Feel free to reach out by email julien@superfeedr.com – Julien Genestoux Nov 19 '15 at 13:57
  • @JulienGenestoux Sure feed ID is 65535032. I don't understand how it got my server private IP. Other than this I have a feedback. Your bot seems to check for feed once every 8 minutes, which is too high considering I made 0 post on my blog in past two years :p. Btw I found RSS feed have `` and `` which you can probably use –  Nov 19 '15 at 14:24
  • I'm not putting this as an answer because I can't provide proof, but in EC2-Classic you can access any customer's server through their private IP, given an open SG. This has changed in the more modern VPC world. – tedder42 Nov 19 '15 at 15:17
  • Thanks @VarunAgw. Your private IP is linked to by the domain VarunAgw.com and the feed http://www.VarunAgw.com/feed – Julien Genestoux Nov 19 '15 at 15:32

0 Answers0