nzspiegel at e-dev.us kirjoitti 22.7.2019 klo 0.30: > Hello, > > I wanted to ask the list for some feedback on how to handle potential > abuse of a mirror. I noticed the following activity: > > [root at centos4 17:22:47] ~ cat > /var/log/nginx/centos4.zswap.net.access.log | grep -i firefox | grep > 1.2.3.4 | wc -l > 935671 > > After some googling, The IP address is owned by a particular business, > but I've redacted it here, to respect their privacy. Whilst it wouldn't > be outrageous to have many systems running behind a NAT'd IP address > needing updates, 935k requests for the firefox RPM seems a little over > the top. > > How do you all handle these kinds of things? Block their IP, reach out > to them, or some other method? > > I'd like to prevent this kind of activity, but not sure on the best > approach to take. Obviously if I block them from my mirror, the behavior > would most likely move over to someone else's. > > Thoughts? I'd say to block the requests, and contact them and ask them to stop doing silly things. If they stop the requests, you can then remove the block.