[CentOS-mirror] Suggestions needed for handling possible abuse

Mon Jul 22 01:58:00 UTC 2019
Anssi Johansson <avij at centosproject.org>

nzspiegel at e-dev.us kirjoitti 22.7.2019 klo 0.30:
> Hello,
> I wanted to ask the list for some feedback on how to handle potential 
> abuse of a mirror. I noticed the following activity:
> [root at centos4 17:22:47] ~ cat 
> /var/log/nginx/centos4.zswap.net.access.log | grep -i firefox | grep 
> | wc -l
> 935671
> After some googling, The IP address is owned by a particular business, 
> but I've redacted it here, to respect their privacy. Whilst it wouldn't 
> be outrageous to have many systems running behind a NAT'd IP address 
> needing updates, 935k requests for the firefox RPM seems a little over 
> the top.
> How do you all handle these kinds of things? Block their IP, reach out 
> to them, or some other method?
> I'd like to prevent this kind of activity, but not sure on the best 
> approach to take. Obviously if I block them from my mirror, the behavior 
> would most likely move over to someone else's.
> Thoughts?

I'd say to block the requests, and contact them and ask them to stop 
doing silly things. If they stop the requests, you can then remove the