[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Dealing with abusive clients
From: |
Pascal Levasseur |
Subject: |
Re: [Sks-devel] Dealing with abusive clients |
Date: |
Thu, 20 Jul 2017 18:33:38 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Le 20/07/2017 à 16:54, Pete Stephenson a écrit :
> Hi all,
>
> I've been receiving some queries that, while not stressing my server,
> appear to be abusive in nature...though perhaps accidentally so.
>
> Here's a quick excerpt from the logs:
> 216.241.59.205 - - [20/Jul/2017:14:46:51 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:53 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:56 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:58 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
>
> This particular client is making continuous requests for the main page
> of my server every 2-3 seconds. They're not making any queries for keys,
> submitting keys, etc., but are only requesting the main page.
>
> This has been going on since at least the 15th of July.
>
> I haven't observed any other odd traffic, so it seems unlikely that a
> botnet is involved. Maybe a script that has gone awry?
>
> Although slightly annoying, it doesn't consume much resources. Any
> suggestions on how to deal with this client? For example, should I
> continue to serve them normally, firewall their IP address, etc.? Any
> suggestions on how to deal with more serious abuse in the future?
>
> Cheers!
> -Pete
>
I have the same kind of 7/7 24/24 requests from the same IP address on
http://sks.bonus-communis.eu :
216.241.59.205 - - [20/Jul/2017:16:24:22 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:24 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:27 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:29 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:31 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
Seems to be an IP address who belongs to TPx Communications.
Should we send an abuse report ?
Regards
Pascal
smime.p7s
Description: Signature cryptographique S/MIME