Path: ...!news.mixmin.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: legg Newsgroups: sci.electronics.design Subject: Re: Chinese downloads overloading my website Date: Fri, 08 Mar 2024 12:17:32 -0500 Organization: A noiseless patient Spider Lines: 43 Message-ID: References: <7qujui58fjds1isls4ohpcnp5d7dt20ggk@4ax.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Injection-Info: dont-email.me; posting-host="6ba6617a928ac72d4755a4ded000bf3e"; logging-data="1922823"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX187sccQCA5z/xoUZaKZ6MaN" Cancel-Lock: sha1:uulyaOPOa3ZPQpZYG+HfBUYreWc= X-Newsreader: Forte Agent 4.2/32.1118 Bytes: 2764 On Fri, 8 Mar 2024 11:16:46 +0000, Martin Brown <'''newspam'''@nonad.co.uk> wrote: >On 07/03/2024 17:49, legg wrote: >> Got a note from an ISP today indicating that my website >> was suspended due to data transfer over-use for the month. (>50G) >> It's only the 7th day of the month and this hadn't been a >> problem in the 6 years they'd hosted the service. >> >> Turns out that three chinese sources had downloaded the same >> set of files, each 262 times. That would do it. > >Much as I *hate* Captcha this is the sort of DOS attack that it helps to >prevent. The other option is to add a script to tarpit or block >completely second or third requests for the same large files coming from >the same IP address occurring within the hour. > >> So, anyone else looking to update bipolar semiconductor, >> packaging or spice parameter spreadsheets; look at K.A.Pullen's >> 'Conductance Design Curve Manual' or any of the other bits >> stored at ve3ute.ca are out of luck, for the rest of the month . >> >> Seems strange that the same three addresses downloaded the >> same files, the same number of times. Is this a denial of >> service attack? > >Quite likely. Your ISP should be able to help you with this if they are >any good. Most have at least some defences against ridiculous numbers of >downloads or other traffic coming from the same bad actor source. > >Provided that you don't have too many customers in mainland china >blacklist the main zones of their IP address range: > >https://lite.ip2location.com/china-ip-address-ranges?lang=en_US > >One rogue hammering your site is just run of the mill bad luck but three >of them doing it in quick succession looks very suspicious to me. Beijin, Harbin and roaming. Yeah. You gotta ask yourself; what's the friggin' point? RL