[CentOS-mirror] Chinese addresses requesting excessive iso's?

Wed Apr 27 21:07:33 UTC 2022
Stephen Smoogen <ssmoogen at redhat.com>

On Wed, 27 Apr 2022 at 14:27, Stephen Smoogen <ssmoogen at redhat.com> wrote:

>
>
> On Wed, 27 Apr 2022 at 14:16, Russell Jones <arjones85 at gmail.com> wrote:
>
>> So, for whatever reason my mirror seems to be getting targeted by China:
>>
>> [root at repos ~]# tail -f access.log | grep 403
>> 112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET
>> /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1"
>> 403 153 "-" "curl/7.29.0"
>>
>
> <deleted>
>

There was a centos-infra ticket on this earlier this week
https://pagure.io/centos-infra/issue/758
and curl/7.29.0 is the default C7 curl. Looking at the Fedora mirrormanager
stats that is a minority of tools pulling epel-7 requests and probably C7
also. Probably find to put in a webserver filter which just rejects that as
a tool to the mirror.


> I geoblocked the country about a week ago, but the requests haven't
>> stopped. It was at the level that it was maxing out my 1gbit/sec link until
>> I did something.
>>
>> Anyone else seeing anything similar?
>>
>>
> I have seen this going for about 10 years with different mirrors. The
> connections are one of three things:
> 1. Automated downloaders getting blocked by Great-Firewall configurations
> getting to a certain point
> 2. Malware installed on a lot of systems being commanded to download the
> software and desist. This is usually done to cause bandwidth issues all
> through the stack. They are either getting stopped by firewalls or just
> stopping the connections themselves as part of the badness.
>
> From mirror managing Fedora, number 2 seems to be more likely as a lot of
> the IP addresses doing this never show up on asking mirrormanager for
> downloads. Instead they seem to have gotten a list of mirrors from some
> third party and are being commanded to do the infinite downloads. I don't
> know if this is similar with what is going on now.
>
>
>
>>
>>
>> _______________________________________________
>> CentOS-mirror mailing list
>> CentOS-mirror at centos.org
>> https://lists.centos.org/mailman/listinfo/centos-mirror
>>
>
>
> --
> Stephen Smoogen, Red Hat Automotive
> Let us be kind to one another, for most of us are fighting a hard battle.
> -- Ian MacClaren
>


-- 
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20220427/5d3d0133/attachment-0003.html>