On Wed, 27 Apr 2022 at 14:27, Stephen Smoogen <ssmoogen at redhat.com> wrote: > > > On Wed, 27 Apr 2022 at 14:16, Russell Jones <arjones85 at gmail.com> wrote: > >> So, for whatever reason my mirror seems to be getting targeted by China: >> >> [root at repos ~]# tail -f access.log | grep 403 >> 112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET >> /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" >> 403 153 "-" "curl/7.29.0" >> > > <deleted> > There was a centos-infra ticket on this earlier this week https://pagure.io/centos-infra/issue/758 and curl/7.29.0 is the default C7 curl. Looking at the Fedora mirrormanager stats that is a minority of tools pulling epel-7 requests and probably C7 also. Probably find to put in a webserver filter which just rejects that as a tool to the mirror. > I geoblocked the country about a week ago, but the requests haven't >> stopped. It was at the level that it was maxing out my 1gbit/sec link until >> I did something. >> >> Anyone else seeing anything similar? >> >> > I have seen this going for about 10 years with different mirrors. The > connections are one of three things: > 1. Automated downloaders getting blocked by Great-Firewall configurations > getting to a certain point > 2. Malware installed on a lot of systems being commanded to download the > software and desist. This is usually done to cause bandwidth issues all > through the stack. They are either getting stopped by firewalls or just > stopping the connections themselves as part of the badness. > > From mirror managing Fedora, number 2 seems to be more likely as a lot of > the IP addresses doing this never show up on asking mirrormanager for > downloads. Instead they seem to have gotten a list of mirrors from some > third party and are being commanded to do the infinite downloads. I don't > know if this is similar with what is going on now. > > > >> >> >> _______________________________________________ >> CentOS-mirror mailing list >> CentOS-mirror at centos.org >> https://lists.centos.org/mailman/listinfo/centos-mirror >> > > > -- > Stephen Smoogen, Red Hat Automotive > Let us be kind to one another, for most of us are fighting a hard battle. > -- Ian MacClaren > -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20220427/5d3d0133/attachment-0003.html>