Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Martin Brown <'''newspam'''@nonad.co.uk> Newsgroups: sci.electronics.design Subject: Re: Chinese downloads overloading my website Date: Fri, 8 Mar 2024 11:16:46 +0000 Organization: A noiseless patient Spider Lines: 38 Message-ID: References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Fri, 8 Mar 2024 11:16:49 -0000 (UTC) Injection-Info: dont-email.me; posting-host="06dc33d9712cecf3b7fb9cfeb18e1cac"; logging-data="1753822"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/JT+lly2xhqyzXstML1WsLW1hjzWSJFcoig8j24JCHCQ==" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:GMQM34rSaXCvld3I2EyP4IcJJgg= In-Reply-To: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> Content-Language: en-GB Bytes: 2725 On 07/03/2024 17:49, legg wrote: > Got a note from an ISP today indicating that my website > was suspended due to data transfer over-use for the month. (>50G) > It's only the 7th day of the month and this hadn't been a > problem in the 6 years they'd hosted the service. > > Turns out that three chinese sources had downloaded the same > set of files, each 262 times. That would do it. Much as I *hate* Captcha this is the sort of DOS attack that it helps to prevent. The other option is to add a script to tarpit or block completely second or third requests for the same large files coming from the same IP address occurring within the hour. > So, anyone else looking to update bipolar semiconductor, > packaging or spice parameter spreadsheets; look at K.A.Pullen's > 'Conductance Design Curve Manual' or any of the other bits > stored at ve3ute.ca are out of luck, for the rest of the month . > > Seems strange that the same three addresses downloaded the > same files, the same number of times. Is this a denial of > service attack? Quite likely. Your ISP should be able to help you with this if they are any good. Most have at least some defences against ridiculous numbers of downloads or other traffic coming from the same bad actor source. Provided that you don't have too many customers in mainland china blacklist the main zones of their IP address range: https://lite.ip2location.com/china-ip-address-ranges?lang=en_US One rogue hammering your site is just run of the mill bad luck but three of them doing it in quick succession looks very suspicious to me. -- Martin Brown