You can fill out this form [1] to report suspected abuse on Google Cloud Platform.
Also, as a workaround, you can block abusive IP addresses as established here [2]: *you can use the App Engine firewall to block traffic to your app from IP addresses that present malicious intent or shield your app from denial of service attacks and similar forms of abuse. You can add IP addresses or subnetworks to a denylist so that requests routed from those addresses and subnetworks are denied before they reach your App Engine app.* [1]:https://support.google.com/code/contact/cloud_platform_report [2]: https://cloud.google.com/appengine/docs/standard/java/application-security#app_engine_firewall On Tuesday, June 28, 2022 at 10:46:10 AM UTC-5 guana...@gmail.com wrote: > While checking the logs of my GAE flask app, I noticed that from June 3rd > through June 10th there was a spike on traffick, which is highly unusual > for my website. > I checked the logs and found the reason for that were 3 IP addresses: > > 94.154.188.130: 1045 Times, > 176.103.88.57: 678 Times, > 176.103.85.167: 1392 Times, > > I have posted the requests on a gist HERE > <https://gist.github.com/GuanacoDevs/654be288519995bc09f2aca9921bf009> for > the last one with 1392 requests. ipqualityscore > <https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/176.103.85.167> > says > that this is a proxy based from russia, actually the 3 ips in question are > from the same data center, and Ip Quality score has it on a 99 Fraud Score > while scamalitycs <https://scamalytics.com/ip/176.103.85.167> shows > nothing wrong, maybe because is a VPN or something of the likes. > > According to the logs the first request was at 2022-06-04T08:50:45 with > the last on that time frame was on 2022-06-10T01:03:42, so it was not a DOS > attack, times between request were as long as 46 minutes and as frequent as > 1 second in between. > > What was that? Was my site being attacked? Or maybe just a someone playing > a penetration tester? > > There were 1273 unique endpoints as listed in the gist above, 98% of them > returned a 404. As of today 27+ days, my site has 486 hours usage, during > the time frame for this hits, was 214. > That raised my bill by US$0.95, is not much but since I do not have > traffic on my site I usually pay nothing for it. Of course, if I had more > traffic, I wouldn't have noticed this. > It was only for close to 6 days if it was to be more frequent is just > raising the bill for nothing. > > How can you protect against this? > > Best Regards > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/4883a331-1c6d-4ba8-8428-b0a2daffe902n%40googlegroups.com.
