Brazil Guy, as 22.214.171.124 is unaffectionately known, has recently been not-updating to the tune of 300K pings a day. This causes server load, log bloat, and general mayhem (since only 1 of those 300K pings was a well-formed one on a recent day). We need to stop them from hitting https. The plan is to block or redirect by IP and query param (so that recent builds like 2.0.3 can keep updating). [01:17am] smorgan: I really think 402 or 418 is the way to go [01:18am] ss: Sure, but I think we'll customize that page a bit. [01:18am] ss: So they know they can contact us to fix the problem if they decide to look.
8 years ago
Severity: normal → major
I rolled the log today after 1/2 month because it had already exceeded 700 MB (and that's with ssl apparently being down all of today).
Maybe we should put up a quick 403 rule while we flesh out a more complex solution.
We're not going to do this with an Apache rule because doing so will keep generating large log files. The log files in question are access logs so every request (even if it's denied) is logged. Instead, I'm going to add an entry to the iptables for the bad IP address and specifically for the ssl port (443) which will allow anyone else from that IP to browse our site. Here's the command (entered as root): iptables -A INPUT -s 126.96.36.199 -p tcp --destination-port 443 -j DROP service iptables save To remove it, switch -A to -D and save it to the config file. It works immediately (and yes, I tested it with my own IP address). I've done this on the server and it should be live.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
OS: Mac OS X → All
Resolution: --- → FIXED
By way of follow-up, the 16th had 382588 pings (~60MB of that day's 90MB of logfile) from Brazil guy. The 17th had 47375 pings by the time Sam implemented this fix last night (logs are UTC), and no more since then. :)
Whatever happened to the server the other day messed this up :(
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
So you ran the command in comment 3 to fix it?
(In reply to comment #3) > Here's the command (entered as root): > > iptables -A INPUT -s 188.8.131.52 -p tcp --destination-port 443 -j DROP > service iptables save [5:19pm] ss: Two lines, two commands :P OK, Brazil Guy *should* be blocked again.
Status: REOPENED → RESOLVED
Last Resolved: 8 years ago → 8 years ago
Resolution: --- → FIXED
7 years ago
For future reference: [9:27pm] ss: iptables -L apparently lists them all. [9:27pm] ss: (I did iptables -h to find that out) [9:27pm] sauron: nice
You need to log in before you can comment on or make changes to this bug.