Hello,


We also had the same problem and blocked China. Problem solved.


6.10.2020 01:23 tarihinde Christopher Hawker yazdı:
Hi Thomas,

You could simply use GeoIP Blocking to filter out any traffic from China. Here's a link to achieve this for Apache: https://www.cloudibee.com/geoip-based-country-blocking-for-apache/.

Regards,
Christopher Hawker


From: CentOS-mirror <centos-mirror-bounces@centos.org> on behalf of Thomas Enos <thomas.enos@afghan-wireless.com>
Sent: Tuesday, 6 October 2020 4:34 AM
To: Mailing list for CentOS mirrors. <centos-mirror@centos.org>; CEDIA FOSS Mirrors <mirror@cedia.org.ec>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
 
We can confirm being hit by 27.221.66.0/24 pulling the same iso as well.  What action was taken to address this by your networks?

Thanks,

From: CentOS-mirror <centos-mirror-bounces@centos.org> on behalf of Bogdan-Stefan Rotariu <bogdan.rotariu@chroot.ro>
Reply to: "Mailing list for CentOS mirrors." <centos-mirror@centos.org>
Date: Monday, 5 October 2020 at 9:30 PM
To: CEDIA FOSS Mirrors <mirror@cedia.org.ec>, "Mailing list for CentOS mirrors." <centos-mirror@centos.org>
Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

[EXTERNAL EMAIL] This is an external email, please make sure the sender is well known before clicking on any link or opening an attachment, if spam report it to CIRT@afghan-wireless.com

Hi there,

On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror <centos-mirror@centos.org> wrote:
hi

<snip>

112.95.214.226 - China Unicom Guangdong province network
223.88.61.170   - China Mobile Communications Corporation
171.41.7.29       - CHINANET Hubei province network
120.84.10.190   - China Unicom Guangdong province network
27.221.66.104   - China Unicom Shandong province network
27.221.66.105   - China Unicom Shandong province network
112.32.21.93     - China Mobile Communications Corporation
27.221.49.135   - China Unicom Shandong province network

Have you noticed that in your mirrors? look for these IP and notice if they have been trying to continously download iso

We did encounter the same issues with the same IP addresses and same iso file. Till now I thought it was an isolated issue..


Bogdan-Stefan Rotariu
CTO,Founder
Chroot Network SRL
WEB: http://www.chroot.ro<http://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da>
Phone: +40-731-247-668<tel:+40-731-247-668>
Suport tehnic: suport@chroot.ro<mailto:suport@chroot.ro>
Suport vanzari: vanzari@chroot.ro<mailto:vanzari@chroot.ro>
Contact general: contact@chroot.ro<mailto:contact@chroot.ro>

_______________________________________________
CentOS-mirror mailing list
CentOS-mirror@centos.org
https://lists.centos.org/mailman/listinfo/centos-mirror

_______________________________________________
CentOS-mirror mailing list
CentOS-mirror@centos.org
https://lists.centos.org/mailman/listinfo/centos-mirror
--
İyi Çalışmalar / Best Regards,
Cihan Nimsi
C-Level Executive
Logo
 
İçerenköy Mh. Ertaç Sk. Ardil İş Merkezi
No: 4/2 Kat: 1 Ataşehir/İSTANBUL
Telefon +90 850 885 0 558 - 1001
www.guzel.net.tr
Facebook  Twitter icon  Instagram icon
Bu e-mailin içeriği gizlidir ve sadece bu e-mailin alıcısına özeldir. Göndericinin izni olmadan bu mesajın 3. taraflarla paylaşılması yasaktır. Eğer bu e-mail size yanlışlıkla gönderildiyse, lütfen bu e-maili yanıtlayıp siliniz, böylece aynı hata tekrar olmayacaktır.
The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.