Keep Brazil Guy from killing our logs

RESOLVED FIXED

Status

Camino Graveyard
Product Site
--
major
RESOLVED FIXED
8 years ago
7 years ago

People

(Reporter: Smokey Ardisson (offline for a while; not following bugs - do not email), Assigned: ss)

Details

Brazil Guy, as 200.19.92.200 is unaffectionately known, has recently been not-updating to the tune of 300K pings a day.  This causes server load, log bloat, and general mayhem (since only 1 of those 300K pings was a well-formed one on a recent day).

We need to stop them from hitting https.

The plan is to block or redirect by IP and query param (so that recent builds like 2.0.3 can keep updating).

[01:17am] smorgan: I really think 402 or 418 is the way to go
[01:18am] ss: Sure, but I think we'll customize that page a bit.
[01:18am] ss: So they know they can contact us to fix the problem if they decide to look.
Severity: normal → major
I rolled the log today after 1/2 month because it had already exceeded 700 MB (and that's with ssl apparently being down all of today).

Comment 2

8 years ago
Maybe we should put up a quick 403 rule while we flesh out a more complex solution.
(Assignee)

Comment 3

8 years ago
We're not going to do this with an Apache rule because doing so will keep generating large log files. The log files in question are access logs so every request (even if it's denied) is logged.

Instead, I'm going to add an entry to the iptables for the bad IP address and specifically for the ssl port (443) which will allow anyone else from that IP to browse our site.

Here's the command (entered as root):

  iptables -A INPUT -s 200.19.92.200 -p tcp --destination-port 443 -j DROP
  service iptables save

To remove it, switch -A to -D and save it to the config file. It works immediately (and yes, I tested it with my own IP address).

I've done this on the server and it should be live.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
OS: Mac OS X → All
Resolution: --- → FIXED
By way of follow-up, the 16th had 382588 pings (~60MB of that day's 90MB of logfile) from Brazil guy.  The 17th had 47375 pings by the time Sam implemented this fix last night (logs are UTC), and no more since then. :)
Whatever happened to the server the other day messed this up :(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 6

8 years ago
So you ran the command in comment 3 to fix it?
(In reply to comment #3)
> Here's the command (entered as root):
> 
>   iptables -A INPUT -s 200.19.92.200 -p tcp --destination-port 443 -j DROP
>   service iptables save

[5:19pm] ss: Two lines, two commands

:P

OK, Brazil Guy *should* be blocked again.
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
For future reference:

[9:27pm] ss: iptables -L apparently lists them all.
[9:27pm] ss: (I did iptables -h to find that out)
[9:27pm] sauron: nice
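
A re-runnable form of the two commands from comment 3, added here as an example and not written by anyone on this bug: it checks for the rule with `iptables -C` before appending, so applying it again after the rule has gone missing does not stack duplicates. The function name `block_https`, the `IPTABLES` and `SAVE_CMD` override variables, and an iptables build that supports `-C` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug): idempotent version of the comment 3 block.
# IPTABLES and SAVE_CMD are hypothetical overrides so the logic can be
# dry-run against stubs; the defaults are the commands used in the bug.
IPTABLES="${IPTABLES:-iptables}"
SAVE_CMD="${SAVE_CMD:-service iptables save}"

# block_https SRC_IP
# Ensures "DROP tcp/443 from SRC_IP" exists in INPUT exactly once.
# Returns 0 if the rule is present afterwards, 2 on a rejected address,
# 1 if adding or saving the rule failed.
block_https() {
    src="$1"
    # Digits and dots only: keeps a typo or a CIDR such as /0 from turning
    # into a rule that drops far more than the one intended host.
    case "$src" in
        ''|*[!0-9.]*) echo "refusing odd source address: '$src'" >&2; return 2 ;;
    esac

    # -C exits 0 only when an identical rule is already in the chain.
    if $IPTABLES -C INPUT -s "$src" -p tcp --destination-port 443 -j DROP 2>/dev/null; then
        echo "already present: DROP tcp/443 from $src"
    else
        $IPTABLES -A INPUT -s "$src" -p tcp --destination-port 443 -j DROP || return 1
        # Persist only when something changed.
        $SAVE_CMD || return 1
        echo "added and saved: DROP tcp/443 from $src"
    fi

    # Final verification; this exit status is the function's result.
    $IPTABLES -C INPUT -s "$src" -p tcp --destination-port 443 -j DROP
}

# Stand-alone use (as root): sh block_https.sh 200.19.92.200
if [ "$#" -gt 0 ]; then
    block_https "$1"
fi
```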