Path: ...!feeds.phibee-telecom.net!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: legg <legg@nospam.magma.ca>
Newsgroups: sci.electronics.design
Subject: Re: Chinese downloads overloading my website
Date: Mon, 11 Mar 2024 12:57:20 -0400
Organization: A noiseless patient Spider
Lines: 43
Message-ID: <kmduuilbvdjssqjda1i21d9b08vrk4t86j@4ax.com>
References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com> <usec35$130bu$1@solani.org> <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com> <usjiog$15kaq$1@solani.org> <t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com> <usm6v6$17e2c$1@solani.org> <usm96m$3fkqg$1@dont-email.me> <usmkb9$17l2r$1@solani.org> <du5uuih5e5d4ugd7ru8oo0gb6ppenjrtdd@4ax.com> <usn5j7$3lod7$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Injection-Info: dont-email.me; posting-host="4bf5ccac6bd891d8f3c037dd4188dedd";
	logging-data="3918065"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX18YlHNt8TcULWYfdyNyO2r7"
Cancel-Lock: sha1:LmcAfLpMcqvjgkOpp4fvA1+gfTg=
X-Newsreader: Forte Agent 4.2/32.1118
Bytes: 2898

On Mon, 11 Mar 2024 07:48:04 -0700, Don Y
<blockedofcourse@foo.invalid> wrote:

>On 3/11/2024 7:40 AM, legg wrote:
>> Blocking a single IP hasn't worked for my ISP.
>
>It won't.  Even novice users can move to a different IP using reeadily
>available mechanisms.
>
>Whitelisting can work (which is the approach that I use) but
>it assumes you know who you *want* to access your site.
>
>(It's a lot harder to guess a permitted IP than it is to avoid
>an obviously BLOCKED one!)
>
>> Each identical 17G download block (262 visits)was by a new IP
>> in a completely different location/region.
>> 
>> Beijing, Hearbin, Henan, a mobile and a fifth, so far untraced
>> due to suspension of my site.
>
>There's a reason things like "captcha" exist.
>
>Note that this still doesn't prevent the *page(s)* from being repeatedly
>accessed.  But, presumably, their size is considerably smaller than
>that of the payloads you want to protect.
>
>OTOH, if someone wants to shut down your account due to an exceeded
>quota, they can keep reloading those pages until they've eaten up your
>traffic quota.  And, "they" can be an automated process!
>
>[Operating a server in stealth mode can avoid this.  But, then
>you're not "open to the public"!  :> ]

Doing some simple experiments by temporarily renaming/replacing 
some of the larger files being tageted, just to see how the bot 
reacts to the new environment. If they find renamed files it 
means something. If visits to get the same 17G alter it means 
something else.

This all at the expense and patience of my ISP. Thumbs up there.

RL