Hello,
Same case here.
Impact is low here (via one ip only), because a file which don't exist
(old iso) :
arch//iso/2020.03.01/archlinux-2020.03.01-x86_64.iso" failed (2: No such
file or directory)
Can you share ip on the list for compare and block all ip before ddos ?
Regards,
Eric.
On 7/2/2020 5:02 AM, mirror-admin wrote:
Hello,
Yes, we notice same download pattern from china IP. Not only for
Archlinux, but for other archive as well.
What we do is try to be nice, we throttling down our upload speed to
their IP.
Thx
On 7/2/2020 09:49, Johannes Findeisen wrote:
Hello,
I am driving the mirror arch.unixpeople.org. Since some months I
encounter a lot of traffic from China which seems to be like a DDoS. I
fixed this some month ago by blocking all IP address ranges from China.
This stopped the traffic. Yesterday I tried to remove all my firewall
rules and to see what happens... Just some hours ago the DDoS startet
again so I really had to block China from my mirror again because it
would become a fulltime job to monitor my host.
While all this happened I tried to figure out what's going on and saw
endless downloads of the arch .iso file from many many IP addresses in
China. When the download from one IP had finished the download directly
started again from exactly the same IP in an endless loop.
Does anyone other here encounter such things?
Regards
Johannes
