Hello, same thing on my end. Decided to geoblock the entire country as well. ------- Regards, Sebastian Bobriuc On 4/28/22 15:00, centos-mirror-request at centos.org wrote: > Send CentOS-mirror mailing list submissions to > centos-mirror at centos.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.centos.org/mailman/listinfo/centos-mirror > or, via email, send a message with subject or body 'help' to > centos-mirror-request at centos.org > > You can reach the person managing the list at > centos-mirror-owner at centos.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CentOS-mirror digest..." > > > Today's Topics: > > 1. Chinese addresses requesting excessive iso's? (Russell Jones) > 2. Re: Chinese addresses requesting excessive iso's? > (Stephen Smoogen) > 3. Re: Chinese addresses requesting excessive iso's? (Paul Mezzanini) > 4. Re: Chinese addresses requesting excessive iso's? > (Alexandre Leonenko) > 5. Re: Chinese addresses requesting excessive iso's? (Quantum Mirror) > 6. Re: Chinese addresses requesting excessive iso's? > (Stephen Smoogen) > 7. Re: Chinese addresses requesting excessive iso's? > (John 'Warthog9' Hawley) > 8. Re: Chinese addresses requesting excessive iso's? (Russell Jones) > 9. Re: Chinese addresses requesting excessive iso's? (Alex Iribarren) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 27 Apr 2022 13:15:50 -0500 > From: Russell Jones <arjones85 at gmail.com> > To: "Mailing list for CentOS mirrors." <CentOS-mirror at centos.org> > Subject: [CentOS-mirror] Chinese addresses requesting excessive iso's? > Message-ID: > <CABb1d=hJa9WrssV4de_HP=g_+kY5qcpJUF7qWCxx3EpNQu7Jzw at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > So, for whatever reason my mirror seems to be getting targeted by China: > > [root at repos ~]# tail -f access.log | grep 403 > 112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 183.206.56.187 - - [27/Apr/2022:13:10:52 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 112.22.157.33 - - [27/Apr/2022:13:10:52 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 223.107.42.112 - - [27/Apr/2022:13:10:52 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 112.22.156.85 - - [27/Apr/2022:13:10:53 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 223.107.40.234 - - [27/Apr/2022:13:10:53 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 140.224.157.57 - - [27/Apr/2022:13:10:54 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 223.107.6.85 - - [27/Apr/2022:13:10:54 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 112.22.156.108 - - [27/Apr/2022:13:10:54 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 218.67.20.149 - - [27/Apr/2022:13:10:55 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 120.43.124.48 - - [27/Apr/2022:13:10:55 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 112.22.152.194 - - [27/Apr/2022:13:10:55 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 120.43.125.124 - - [27/Apr/2022:13:10:56 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 223.107.42.113 - - [27/Apr/2022:13:10:56 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 183.250.140.251 - - [27/Apr/2022:13:10:56 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 112.22.156.51 - - [27/Apr/2022:13:10:56 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 183.250.140.54 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 183.250.140.251 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 121.206.58.145 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 183.250.141.44 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 183.250.140.191 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 183.250.141.209 - - [27/Apr/2022:13:10:57 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 112.109.212.65 - - [27/Apr/2022:13:10:58 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 112.109.212.13 - - [27/Apr/2022:13:10:58 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 223.107.43.135 - - [27/Apr/2022:13:10:58 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 117.80.215.77 - - [27/Apr/2022:13:10:58 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > 117.80.215.137 - - [27/Apr/2022:13:10:59 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 112.22.152.61 - - [27/Apr/2022:13:11:01 -0500] "GET > /centos/8.5.2111/isos/aarch64/CentOS-8.5.2111-aarch64-dvd1.iso HTTP/1.1" > 403 153 "-" "curl/7.29.0" > 27.158.193.43 - - [27/Apr/2022:13:11:01 -0500] "GET > /centos/8.5.2111/isos/x86_64/CentOS-8.5.2111-x86_64-dvd1.iso HTTP/1.1" 403 > 153 "-" "curl/7.29.0" > > > I geoblocked the country about a week ago, but the requests haven't > stopped. It was at the level that it was maxing out my 1gbit/sec link until > I did something. > > Anyone else seeing anything similar? > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20220427/d2b80cdd/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Wed, 27 Apr 2022 14:27:32 -0400 > From: Stephen Smoogen <ssmoogen at redhat.com> > To: "Mailing list for CentOS mirrors." <centos-mirror at centos.org> > Subject: Re: [CentOS-mirror] Chinese addresses requesting excessive > iso's? > Message-ID: > <CALtZD8zgGX=qzUHngEj-gcnNwLdKmJGXEN81JrR2r_4BxRP+tg at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > On Wed, 27 Apr 2022 at 14:16, Russell Jones <arjones85 at gmail.com> wrote: > >> So, for whatever reason my mirror seems to be getting targeted by China: >> >> [root at repos ~]# tail -f access.log | grep 403 >> 112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET >> /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso HTTP/1.1" >> 403 153 "-" "curl/7.29.0" >> > <deleted> > >> I geoblocked the country about a week ago, but the requests haven't >> stopped. It was at the level that it was maxing out my 1gbit/sec link until >> I did something. >> >> Anyone else seeing anything similar? >> >> > I have seen this going for about 10 years with different mirrors. The > connections are one of three things: > 1. Automated downloaders getting blocked by Great-Firewall configurations > getting to a certain point > 2. Malware installed on a lot of systems being commanded to download the > software and desist. This is usually done to cause bandwidth issues all > through the stack. They are either getting stopped by firewalls or just > stopping the connections themselves as part of the badness. > > >From mirror managing Fedora, number 2 seems to be more likely as a lot of > the IP addresses doing this never show up on asking mirrormanager for > downloads. Instead they seem to have gotten a list of mirrors from some > third party and are being commanded to do the infinite downloads. I don't > know if this is similar with what is going on now. > > > >> >> _______________________________________________ >> CentOS-mirror mailing list >> CentOS-mirror at centos.org >> https://lists.centos.org/mailman/listinfo/centos-mirror >> >