[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Tue Oct 6 13:23:29 UTC 2020
Cihan Nimsi <cihan at guzel.net.tr>

Hello,


We also had the same problem and blocked China. Problem solved.


6.10.2020 01:23 tarihinde Christopher Hawker yazdı:
> Hi Thomas,
>
> You could simply use GeoIP Blocking to filter out any traffic from 
> China. Here's a link to achieve this for Apache: 
> https://www.cloudibee.com/geoip-based-country-blocking-for-apache/.
>
> Regards,
> Christopher Hawker
>
>
> ------------------------------------------------------------------------
> *From:* CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of 
> Thomas Enos <thomas.enos at afghan-wireless.com>
> *Sent:* Tuesday, 6 October 2020 4:34 AM
> *To:* Mailing list for CentOS mirrors. <centos-mirror at centos.org>; 
> CEDIA FOSS Mirrors <mirror at cedia.org.ec>
> *Subject:* Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS 
> attack against a mirror
> We can confirm being hit by 27.221.66.0/24 pulling the same iso as 
> well.  What action was taken to address this by your networks?
>
> Thanks,
>
> From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of 
> Bogdan-Stefan Rotariu <bogdan.rotariu at chroot.ro>
> Reply to: "Mailing list for CentOS mirrors." <centos-mirror at centos.org>
> Date: Monday, 5 October 2020 at 9:30 PM
> To: CEDIA FOSS Mirrors <mirror at cedia.org.ec>, "Mailing list for CentOS 
> mirrors." <centos-mirror at centos.org>
> Subject: Re: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS 
> attack against a mirror
>
> [EXTERNAL EMAIL] This is an external email, please make sure the 
> sender is well known before clicking on any link or opening an 
> attachment, if spam report it to CIRT at afghan-wireless.com
>
> Hi there,
>
> On Oct 5, 2020, at 20:24, CEDIA FOSS Mirrors via CentOS-mirror 
> <centos-mirror at centos.org> wrote:
> hi
>
> <snip>
>
> 112.95.214.226 - China Unicom Guangdong province network
> 223.88.61.170   - China Mobile Communications Corporation
> 171.41.7.29       - CHINANET Hubei province network
> 120.84.10.190   - China Unicom Guangdong province network
> 27.221.66.104   - China Unicom Shandong province network
> 27.221.66.105   - China Unicom Shandong province network
> 112.32.21.93     - China Mobile Communications Corporation
> 27.221.49.135   - China Unicom Shandong province network
>
> Have you noticed that in your mirrors? look for these IP and notice if 
> they have been trying to continously download iso
>
> We did encounter the same issues with the same IP addresses and same 
> iso file. Till now I thought it was an isolated issue..
>
>> Bogdan-Stefan Rotariu
> CTO,Founder
> Chroot Network SRL
> WEB: 
> http://www.chroot.ro<http://track.chroot.ro/?a=10395&m=&n=&s=12c000000d625fc&u=http%3a%2f%2fwww.chroot.ro%3futm_source%3d%26utm_medium%3demail%26utm_campaign%3dunspecified&t=&e=contact%40chroot.ro&h=8a6c74da>
> Phone: +40-731-247-668<tel:+40-731-247-668>
> Suport tehnic: suport at chroot.ro<mailto:suport at chroot.ro>
> Suport vanzari: vanzari at chroot.ro<mailto:vanzari at chroot.ro>
> Contact general: contact at chroot.ro<mailto:contact at chroot.ro>
>
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
>
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> https://lists.centos.org/mailman/listinfo/centos-mirror
-- 
İyi Çalışmalar / Best Regards,
Cihan Nimsi
C-Level Executive
Logo <https://www.guzel.net.tr>
İçerenköy Mh. Ertaç Sk. Ardil İş Merkezi
No: 4/2 Kat: 1 Ataşehir/İSTANBUL
Telefon +90 850 885 0 558 - 1001
www.guzel.net.tr <https://www.guzel.net.tr>
Facebook <http://www.facebook.com/guzelhosting> Twitter icon 
<http://twitter.com/guzelhosting> Instagram icon 
<https://www.instagram.com/guzel.hosting>
Bu e-mailin içeriği gizlidir ve sadece bu e-mailin alıcısına özeldir. 
Göndericinin izni olmadan bu mesajın 3. taraflarla paylaşılması 
yasaktır. Eğer bu e-mail size yanlışlıkla gönderildiyse, lütfen bu 
e-maili yanıtlayıp siliniz, böylece aynı hata tekrar olmayacaktır.
The content of this email is confidential and intended for the recipient 
specified in message only. It is strictly forbidden to share any part of 
this message with any third party, without a written consent of the 
sender. If you received this message by mistake, please reply to this 
message and follow with its deletion, so that we can ensure such a 
mistake does not occur in the future.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201006/0920e2d7/attachment-0002.html>