Ip is on same range for me
and found 4 new ip yesterday on another range (scan 22H CEST) :
119.176.61.18
119.176.61.22
119.176.61.16
119.176.61.12
On 7/2/2020 8:25 AM, Siyuan Miao wrote:
We also received lots requests from 27.221.66.0/24 <http://27.221.66.0/24>.
aveline@mirror-iad01-a:~# sudo grep iso
/var/log/nginx/mirrors.access.log | awk '{ print $1 }' | sort -n | uniq
-c | sort -nr
178 27.221.66.133
176 27.221.66.144
163 27.221.66.143
163 27.221.66.132
158 27.221.66.138
155 27.221.66.141
153 27.221.66.131
150 27.221.66.149
144 27.221.66.147
137 27.221.66.142
136 27.221.66.136
136 27.221.49.135
133 27.221.66.154
133 27.221.66.134
131 27.221.66.151
131 27.221.66.146
130 27.221.66.137
124 27.221.66.139
120 27.221.66.153
102 27.221.66.148
93 27.221.66.152
On Thu, Jul 2, 2020 at 2:14 PM mirror-admin <mirror-ad...@labkom.id
<mailto:mirror-ad...@labkom.id>> wrote:
Hi,
we got request from fraction of subnet 27.221.66.0/24
<http://27.221.66.0/24>
thx
On 7/2/2020 12:52, services via arch-mirrors wrote:
> Hello,
>
> Same case here.
>
> Impact is low here (via one ip only), because a file which don't
exist
> (old iso) :
> arch//iso/2020.03.01/archlinux-2020.03.01-x86_64.iso" failed (2: No
> such file or directory)
>
> Can you share ip on the list for compare and block all ip before
ddos ?
>
> Regards,
> Eric.
>
> On 7/2/2020 5:02 AM, mirror-admin wrote:
>> Hello,
>>
>> Yes, we notice same download pattern from china IP. Not only for
>> Archlinux, but for other archive as well.
>>
>> What we do is try to be nice, we throttling down our upload
speed to
>> their IP.
>>
>> Thx
>>
>> On 7/2/2020 09:49, Johannes Findeisen wrote:
>>> Hello,
>>>
>>> I am driving the mirror arch.unixpeople.org
<http://arch.unixpeople.org>. Since some months I
>>> encounter a lot of traffic from China which seems to be like a
DDoS. I
>>> fixed this some month ago by blocking all IP address ranges
from China.
>>> This stopped the traffic. Yesterday I tried to remove all my
firewall
>>> rules and to see what happens... Just some hours ago the DDoS
startet
>>> again so I really had to block China from my mirror again
because it
>>> would become a fulltime job to monitor my host.
>>>
>>> While all this happened I tried to figure out what's going on
and saw
>>> endless downloads of the arch .iso file from many many IP
addresses in
>>> China. When the download from one IP had finished the download
directly
>>> started again from exactly the same IP in an endless loop.
>>>
>>> Does anyone other here encounter such things?
>>>
>>> Regards
>>>
>>> Johannes
