Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Mon, 11 Mar 2024 07:48:04 -0700
Organization: A noiseless patient Spider
Lines: 31
Message-ID: <usn5j7$3lod7$1@dont-email.me>
References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com>
 <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> <usec35$130bu$1@solani.org>
 <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com> <usjiog$15kaq$1@solani.org>
 <t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com> <usm6v6$17e2c$1@solani.org>
 <usm96m$3fkqg$1@dont-email.me> <usmkb9$17l2r$1@solani.org>
 <du5uuih5e5d4ugd7ru8oo0gb6ppenjrtdd@4ax.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 11 Mar 2024 14:48:08 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="bfd4745dd589d11941b6ad5b8849d225";
	logging-data="3858855"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18GcnbuyFdJtIPanSlySHtI"
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.2.2
Cancel-Lock: sha1:AKJOJ7yYhPpsuOnrkpIKBZ/0Rf4=
In-Reply-To: <du5uuih5e5d4ugd7ru8oo0gb6ppenjrtdd@4ax.com>
Content-Language: en-US
Bytes: 2580

On 3/11/2024 7:40 AM, legg wrote:
> Blocking a single IP hasn't worked for my ISP.

It won't.  Even novice users can move to a different IP using reeadily
available mechanisms.

Whitelisting can work (which is the approach that I use) but
it assumes you know who you *want* to access your site.

(It's a lot harder to guess a permitted IP than it is to avoid
an obviously BLOCKED one!)

> Each identical 17G download block (262 visits)was by a new IP
> in a completely different location/region.
> 
> Beijing, Hearbin, Henan, a mobile and a fifth, so far untraced
> due to suspension of my site.

There's a reason things like "captcha" exist.

Note that this still doesn't prevent the *page(s)* from being repeatedly
accessed.  But, presumably, their size is considerably smaller than
that of the payloads you want to protect.

OTOH, if someone wants to shut down your account due to an exceeded
quota, they can keep reloading those pages until they've eaten up your
traffic quota.  And, "they" can be an automated process!

[Operating a server in stealth mode can avoid this.  But, then
you're not "open to the public"!  :> ]