<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 27 Apr 2022 at 14:27, Stephen Smoogen <<a href="mailto:ssmoogen@redhat.com">ssmoogen@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, 27 Apr 2022 at 14:16, Russell Jones <<a href="mailto:arjones85@gmail.com" target="_blank">arjones85@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>So, for whatever reason my mirror seems to be getting targeted by China:</div><div><br></div><div><font face="monospace">[root@repos ~]# tail -f access.log | grep 403<br>112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" 403 153 "-" "curl/7.29.0"<br></font></div></div></blockquote><div><br></div><div><deleted> </div></div></div></blockquote><div><br></div><div>There was a centos-infra ticket on this earlier this week <a href="https://pagure.io/centos-infra/issue/758">https://pagure.io/centos-infra/issue/758</a> </div><div>and curl/7.29.0 is the default C7 curl. Looking at the Fedora mirrormanager stats that is a minority of tools pulling epel-7 requests and probably C7 also. Probably find to put in a webserver filter which just rejects that as a tool to the mirror.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><font face="monospace"></font></div><div><font face="arial, sans-serif">I geoblocked the country about a week ago, but the requests haven't stopped. It was at the level that it was maxing out my 1gbit/sec link until I did something.</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">Anyone else seeing anything similar?</font></div><div><font face="arial, sans-serif"><br></font></div></div></blockquote><div><br></div><div>I have seen this going for about 10 years with different mirrors. The connections are one of three things:</div><div>1. Automated downloaders getting blocked by Great-Firewall configurations getting to a certain point</div><div>2. Malware installed on a lot of systems being commanded to download the software and desist. This is usually done to cause bandwidth issues all through the stack. They are either getting stopped by firewalls or just stopping the connections themselves as part of the badness.</div><div><br></div><div>From mirror managing Fedora, number 2 seems to be more likely as a lot of the IP addresses doing this never show up on asking mirrormanager for downloads. Instead they seem to have gotten a list of mirrors from some third party and are being commanded to do the infinite downloads. I don't know if this is similar with what is going on now. </div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><font face="arial, sans-serif"></font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif"><br></font></div></div>
_______________________________________________<br>
CentOS-mirror mailing list<br>
<a href="mailto:CentOS-mirror@centos.org" target="_blank">CentOS-mirror@centos.org</a><br>
<a href="https://lists.centos.org/mailman/listinfo/centos-mirror" rel="noreferrer" target="_blank">https://lists.centos.org/mailman/listinfo/centos-mirror</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div></div>Stephen Smoogen, Red Hat Automotive<br></div>Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren<br></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div></div>Stephen Smoogen, Red Hat Automotive<br></div>Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren<br></div></div></div>