Hi all,

A few hours ago, git.parabola.nu started getting slammed by requests,
and maxing out the CPU.  The requests were coming from changing IPs
(one IP might be used for 30ish requests) and randomized User-Agent
strings taken from actual browsers (though often quite old browser
versions).  Of the ~40,000 IPs that hit git.parabola.nu in a 3-hour
block, about a quarter of them are from AS136907 (Huawei Cloud).

I've gone ahead and set up iptables rules to block all of AS136907.
LMK if this causes any issues for legitimate users.

I'll watch `sudo iptables --verbose --numeric --list INPUT` over the
next few days and might relax it to just a few subnets.

For comparison with what we see in a few days, here's a `sort -n` of
the subnets that have tripped it so far:

     pkts bytes target     prot opt in     out     source               destination
        6   360 DROP       all  --  *      *       101.44.64.0/19       0.0.0.0/0
        6   360 DROP       all  --  *      *       119.8.24.0/21        0.0.0.0/0
        9   629 DROP       all  --  *      *       119.8.232.0/21       0.0.0.0/0
       12   720 DROP       all  --  *      *       119.13.64.0/18       0.0.0.0/0
       12   720 DROP       all  --  *      *       150.40.128.0/17      0.0.0.0/0
       12   720 DROP       all  --  *      *       182.160.0.0/19       0.0.0.0/0
       16   960 DROP       all  --  *      *       119.12.160.0/20      0.0.0.0/0
       18  1080 DROP       all  --  *      *       119.8.32.0/19        0.0.0.0/0
       18  1080 DROP       all  --  *      *       159.138.128.0/19     0.0.0.0/0
       18  1080 DROP       all  --  *      *       189.1.192.0/18       0.0.0.0/0
       24  1440 DROP       all  --  *      *       101.46.0.0/20        0.0.0.0/0
       24  1440 DROP       all  --  *      *       27.106.0.0/17        0.0.0.0/0
       30  1800 DROP       all  --  *      *       121.91.168.0/21      0.0.0.0/0
       30  1800 DROP       all  --  *      *       159.138.0.0/18       0.0.0.0/0
       48  2880 DROP       all  --  *      *       190.92.192.0/18      0.0.0.0/0
       52  3224 DROP       all  --  *      *       94.74.64.0/18        0.0.0.0/0
       54  3240 DROP       all  --  *      *       166.108.192.0/18     0.0.0.0/0
       60  3600 DROP       all  --  *      *       101.44.160.0/19      0.0.0.0/0
       61  3660 DROP       all  --  *      *       110.238.104.0/21     0.0.0.0/0
       66  3960 DROP       all  --  *      *       159.138.96.0/19      0.0.0.0/0
       82  4920 DROP       all  --  *      *       101.44.0.0/18        0.0.0.0/0
       84  5040 DROP       all  --  *      *       188.239.0.0/18       0.0.0.0/0
       91  5364 DROP       all  --  *      *       122.8.128.0/18       0.0.0.0/0
      107  6420 DROP       all  --  *      *       111.119.192.0/18     0.0.0.0/0
      150  9000 DROP       all  --  *      *       46.250.160.0/19      0.0.0.0/0
      164  9944 DROP       all  --  *      *       124.243.128.0/18     0.0.0.0/0
      533 27608 DROP       all  --  *      *       114.119.128.0/18     0.0.0.0/0
      936 56160 DROP       all  --  *      *       202.76.160.0/19      0.0.0.0/0
     3094  186K DROP       all  --  *      *       146.174.128.0/18     0.0.0.0/0

I'm not particularly keen on playing IP-whack-a-mole with
poorly-behaved AI scrapers.  How do you all feel about deploying
Anubis (https://anubis.techaro.lol/) in front of git.parabola.nu and
maybe other subdomains?  It's already used on gcc.gnu.org and a few
archlinux.org domains.

-- 
Happy hacking,
~ Luke T. Shumaker
_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
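
Added example, not part of the original message: one way to compare later counter snapshots and pick the few subnets that account for most of the dropped traffic, as the message proposes doing before relaxing the block. The 90% threshold, the function names and the `192.0.2.0/24` sample row are assumptions made for illustration.

```python
import ipaddress

# iptables -v abbreviates counters with K/M/G suffixes (powers of 1000)
# unless --exact is given, so plain `sort -n` misorders "2K" against "533".
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}

def counter(text):
    """Convert an iptables counter such as '3094' or '186K' to an int."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)

def parse_drops(listing):
    """Return [(pkts, bytes, network)] for DROP rules, busiest first."""
    rows = []
    for line in listing.splitlines():
        f = line.split()
        # Columns: pkts bytes target prot opt in out source destination
        if len(f) < 9 or f[2] != "DROP":
            continue  # skips the chain banner and the column header
        rows.append((counter(f[0]), counter(f[1]), ipaddress.ip_network(f[7])))
    return sorted(rows, key=lambda r: r[0], reverse=True)

def top_share(rows, share=0.9):
    """Shortest busiest-first prefix covering `share` of dropped packets."""
    total = sum(r[0] for r in rows)
    kept, seen = [], 0
    for row in rows:
        if seen >= share * total:
            break
        kept.append(row)
        seen += row[0]
    return kept

# Four rows copied from the listing in the message, plus one constructed
# row (192.0.2.0/24, "2K") that exercises a suffixed packet counter.
SAMPLE = """\
 pkts bytes target     prot opt in     out     source               destination
  533 27608 DROP       all  --  *      *       114.119.128.0/18     0.0.0.0/0
  936 56160 DROP       all  --  *      *       202.76.160.0/19      0.0.0.0/0
 3094  186K DROP       all  --  *      *       146.174.128.0/18     0.0.0.0/0
    6   360 DROP       all  --  *      *       101.44.64.0/19       0.0.0.0/0
   2K  120K DROP       all  --  *      *       192.0.2.0/24         0.0.0.0/0
"""

if __name__ == "__main__":
    for pkts, nbytes, net in top_share(parse_drops(SAMPLE)):
        print(f"{pkts:>8} {nbytes:>10} {net}")
```

Passing `--exact` to iptables avoids the suffixes entirely; the parser accepts either form.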