Re: [Sks-devel] Dealing with abusive clients

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Dealing with abusive clients

From:	Pascal Levasseur
Subject:	Re: [Sks-devel] Dealing with abusive clients
Date:	Thu, 20 Jul 2017 18:33:38 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

Le 20/07/2017 à 16:54, Pete Stephenson a écrit :
> Hi all,
> 
> I've been receiving some queries that, while not stressing my server,
> appear to be abusive in nature...though perhaps accidentally so.
> 
> Here's a quick excerpt from the logs:
> 216.241.59.205 - - [20/Jul/2017:14:46:51 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:53 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:56 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 216.241.59.205 - - [20/Jul/2017:14:46:58 +0000] "GET / HTTP/1.1" 200
> 5285 "-" "-"
> 
> This particular client is making continuous requests for the main page
> of my server every 2-3 seconds. They're not making any queries for keys,
> submitting keys, etc., but are only requesting the main page.
> 
> This has been going on since at least the 15th of July.
> 
> I haven't observed any other odd traffic, so it seems unlikely that a
> botnet is involved. Maybe a script that has gone awry?
> 
> Although slightly annoying, it doesn't consume much resources. Any
> suggestions on how to deal with this client? For example, should I
> continue to serve them normally, firewall their IP address, etc.? Any
> suggestions on how to deal with more serious abuse in the future?
> 
> Cheers!
> -Pete
> 

I have the same kind of 7/7 24/24 requests from the same IP address on
http://sks.bonus-communis.eu :

216.241.59.205 - - [20/Jul/2017:16:24:22 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:24 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:27 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:29 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"
216.241.59.205 - - [20/Jul/2017:16:24:31 +0000] "GET / HTTP/1.1" 200
11040 "-" "-"

Seems to be an IP address who belongs to TPx Communications.

Should we send an abuse report ?

Regards

Pascal

smime.p7s
Description: Signature cryptographique S/MIME

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Dealing with abusive clients, Pete Stephenson, 2017/07/20
- Re: [Sks-devel] Dealing with abusive clients, Paul M Furley, 2017/07/20
  - Re: [Sks-devel] Dealing with abusive clients, Pete Stephenson, 2017/07/20
    - Re: [Sks-devel] Dealing with abusive clients, Valentin Sundermann, 2017/07/20
    - Re: [Sks-devel] Dealing with abusive clients, Pete Stephenson, 2017/07/20
    - Re: [Sks-devel] Dealing with abusive clients, Kristian Fiskerstrand, 2017/07/20
- Re: [Sks-devel] Dealing with abusive clients, Pascal Levasseur <=

Prev by Date: Re: [Sks-devel] Dealing with abusive clients
Next by Date: Re: [Sks-devel] Dealing with abusive clients
Previous by thread: Re: [Sks-devel] Dealing with abusive clients
Next by thread: [Sks-devel] seeking peers for keys.flanga.io, keys2.flanga.io
Index(es):
- Date
- Thread