While checking the logs of my GAE flask app, I noticed that from June 3rd through June 10th there was a spike on traffick, which is highly unusual for my website. I checked the logs and found the reason for that were 3 IP addresses:
94.154.188.130: 1045 Times, 176.103.88.57: 678 Times, 176.103.85.167: 1392 Times, I have posted the requests on a gist HERE <https://gist.github.com/GuanacoDevs/654be288519995bc09f2aca9921bf009> for the last one with 1392 requests. ipqualityscore <https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/176.103.85.167> says that this is a proxy based from russia, actually the 3 ips in question are from the same data center, and Ip Quality score has it on a 99 Fraud Score while scamalitycs <https://scamalytics.com/ip/176.103.85.167> shows nothing wrong, maybe because is a VPN or something of the likes. According to the logs the first request was at 2022-06-04T08:50:45 with the last on that time frame was on 2022-06-10T01:03:42, so it was not a DOS attack, times between request were as long as 46 minutes and as frequent as 1 second in between. What was that? Was my site being attacked? Or maybe just a someone playing a penetration tester? There were 1273 unique endpoints as listed in the gist above, 98% of them returned a 404. As of today 27+ days, my site has 486 hours usage, during the time frame for this hits, was 214. That raised my bill by US$0.95, is not much but since I do not have traffic on my site I usually pay nothing for it. Of course, if I had more traffic, I wouldn't have noticed this. It was only for close to 6 days if it was to be more frequent is just raising the bill for nothing. How can you protect against this? Best Regards -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/70ee359d-25b0-4851-bd78-74f2291cd529n%40googlegroups.com.
