[CentOS-mirror] Chinese addresses requesting excessive iso's?

Wed Apr 27 19:30:00 UTC 2022
Alexandre Leonenko <alex at esecuredata.com>

Wasn't it fixed by blocking specific user agents?

# Bad user agents
# "~*" is a case-insensitive regex match; a value of 1 flags the client.
map $http_user_agent $isbadbrowser {
    default 0;
    "~*Mozilla/5\.0 \(Linux; Android\)" 1;
    "~*Chrome/49\.0\.2623\.87" 1;
    "~*Firefox/3\.6\.3" 1;
}

From: CentOS-mirror <centos-mirror-bounces at centos.org> on behalf of Paul Mezzanini <paul at themezz.com>
Sent: Wednesday, April 27, 2022 11:55:50 AM
To: Mailing list for CentOS mirrors. <centos-mirror at centos.org>
Subject: Re: [CentOS-mirror] Chinese addresses requesting excessive iso's?

We've been noticing the exact same behaviour and are still discussing internally the best way to address it.

On Wed, Apr 27, 2022 at 2:28 PM Stephen Smoogen <ssmoogen at redhat.com> wrote:


On Wed, 27 Apr 2022 at 14:16, Russell Jones <arjones85 at gmail.com> wrote:
So, for whatever reason my mirror seems to be getting targeted by China:

[root at repos ~]# tail -f access.log | grep 403
112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" 403 153 "-" "curl/7.29.0"

<deleted>
I geoblocked the country about a week ago, but the requests haven't stopped. It was at the level that it was maxing out my 1gbit/sec link until I did something.

Anyone else seeing anything similar?


I have seen this going for about 10 years with different mirrors. The connections are one of three things:
1. Automated downloaders getting blocked by Great-Firewall configurations getting to a certain point
2. Malware installed on a lot of systems being commanded to download the software and desist. This is usually done to cause bandwidth issues all through the stack. They are either getting stopped by firewalls or just stopping the connections themselves as part of the badness.

From mirror managing Fedora, number 2 seems to be more likely as a lot of the IP addresses doing this never show up on asking mirrormanager for downloads. Instead they seem to have gotten a list of mirrors from some third party and are being commanded to do the infinite downloads. I don't know if this is similar with what is going on now.




_______________________________________________
CentOS-mirror mailing list
CentOS-mirror at centos.org
https://lists.centos.org/mailman/listinfo/centos-mirror


--
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
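
An added example, not part of the original messages or of any project's code: a way to measure, from your own access log, how many ISO requests the user-agent map at the top of this message would flag and which agents it would miss. The sample log is constructed except for its first line, which is the one quoted in the thread; `is_bad_ua`, `iso_coverage` and the other names are hypothetical.

```python
import re
from collections import Counter

# Patterns from the map in the post; nginx "~*" is a case-insensitive regex match.
# (The dots in the Firefox version are escaped here so they match literally.)
BAD_UA = [re.compile(p, re.I) for p in (
    r"Mozilla/5\.0 \(Linux; Android\)",
    r"Chrome/49\.0\.2623\.87",
    r"Firefox/3\.6\.3",
)]

# Combined log format: ip - user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)

ISO = "/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso"
# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = f'''\
112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET {ISO} HTTP/1.1" 403 153 "-" "curl/7.29.0"
203.0.113.7 - - [27/Apr/2022:13:10:53 -0500] "GET {ISO} HTTP/1.1" 200 524288 "-" "Mozilla/5.0 (Linux; Android)"
203.0.113.8 - - [27/Apr/2022:13:10:53 -0500] "GET {ISO} HTTP/1.1" 200 524288 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/49.0.2623.87 Safari/537.36"
198.51.100.4 - - [27/Apr/2022:13:10:54 -0500] "GET {ISO} HTTP/1.1" 206 1048576 "-" "curl/7.29.0"
198.51.100.9 - - [27/Apr/2022:13:10:55 -0500] "GET /centos/7.9.2009/os/x86_64/repodata/repomd.xml HTTP/1.1" 200 3736 "-" "urlgrabber/3.10 yum/3.4.3"
not a log line
'''

def is_bad_ua(ua):
    """True if the user agent would set $isbadbrowser to 1."""
    return any(p.search(ua) for p in BAD_UA)

def iso_coverage(log_text):
    """Summarise .iso requests: how many the map would flag, and which agents it misses."""
    caught, missed = 0, Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not m["path"].lower().endswith(".iso"):
            continue  # skip unparseable lines and non-ISO traffic
        if is_bad_ua(m["ua"]):
            caught += 1
        else:
            missed[m["ua"]] += 1
    return {"caught": caught, "missed": sum(missed.values()),
            "top_missed": missed.most_common(3)}

if __name__ == "__main__":
    print(iso_coverage(SAMPLE_LOG))
```

To run it against a real log, pass the file's contents to `iso_coverage` in place of `SAMPLE_LOG`.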