Got a note from an ISP today indicating that my website
was suspended due to data transfer over-use for the month. (>50G)
It's only the 7th day of the month and this hadn't been a
problem in the 6 years they'd hosted the service.
Turns out that three Chinese sources had downloaded the same
set of files, each 262 times. That would do it.
So, anyone else looking to update bipolar semiconductor,
packaging or spice parameter spreadsheets; look at K.A.Pullen's
'Conductance Design Curve Manual' or any of the other bits
stored at ve3ute.ca are out of luck, for the rest of the month.
Seems strange that the same three addresses downloaded the
same files, the same number of times. Is this a denial of
service attack?
A quick response from the ISP says they're blocking
the three hosts and 'monitoring the situation'.
All the downloading was occurring between certain
hours of the day in sequence - first one host
between 11 and 12pm. One day's rest, then the
second host at the same time on the third day,
then the third host on the fourth day.
Same files 262 times each, 17Gb each.
Not normal web activity, as I know it.
RL
On 07/03/2024 17:49, legg wrote:
> Got a note from an ISP today indicating that my website
> was suspended due to data transfer over-use for the month. (>50G)
> It's only the 7th day of the month and this hadn't been a
> problem in the 6 years they'd hosted the service.
> Turns out that three Chinese sources had downloaded the same
> set of files, each 262 times. That would do it.
Much as I *hate* Captcha this is the sort of DOS attack that it helps to
prevent. The other option is to add a script to tarpit or block
completely second or third requests for the same large files coming from
the same IP address occurring within the hour.
> So, anyone else looking to update bipolar semiconductor,
> packaging or spice parameter spreadsheets; look at K.A.Pullen's
> 'Conductance Design Curve Manual' or any of the other bits
> stored at ve3ute.ca are out of luck, for the rest of the month.
> Seems strange that the same three addresses downloaded the
> same files, the same number of times. Is this a denial of
> service attack?
Quite likely. Your ISP should be able to help you with this if they are
any good. Most have at least some defences against ridiculous numbers of
downloads or other traffic coming from the same bad actor source.
Provided that you don't have too many customers in mainland China
blacklist the main zones of their IP address range:
https://lite.ip2location.com/china-ip-address-ranges?lang=en_US
One rogue hammering your site is just run of the mill bad luck but three
of them doing it in quick succession looks very suspicious to me.
On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
<legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
> A quick response from the ISP says they're blocking
> the three hosts and 'monitoring the situation'.
> All the downloading was occurring between certain
> hours of the day in sequence - first one host
> between 11 and 12pm. One day's rest, then the
> second host at the same time on the third day,
> then the third host on the fourth day.
> Same files 262 times each, 17Gb each.
> Not normal web activity, as I know it.
> RL
Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid>
wrote:
> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>> A quick response from the ISP says they're blocking
>> the three hosts and 'monitoring the situation'.
>> All the downloading was occurring between certain
>> hours of the day in sequence - first one host
>> between 11 and 12pm. One day's rest, then the
>> second host at the same time on the third day,
>> then the third host on the fourth day.
>> Same files 262 times each, 17Gb each.
>> Not normal web activity, as I know it.
>> RL
> Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
Any idea what's involved - preferably anything that doesn't
owe to Google?
...
I'd like to limit traffic data volume by any host to <500M,
or <50M in 24hrs. It's all ftp.
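
The two limits raised so far in the thread (tarpit or block second and third requests for the same large file from one address within the hour, and a per-host cap of 50M in 24 hours), worked through as an added example that is not from any poster. It assumes the server writes Common Log Format lines; the 5 MiB "large file" cut-off, the file paths and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions built from the figures mentioned in the thread.
LARGE_FILE_BYTES = 5 * 1024 * 1024       # assumed cut-off for a "large" file
REPEAT_WINDOW = timedelta(hours=1)       # "within the hour"
DAILY_WINDOW = timedelta(hours=24)
DAILY_BYTE_LIMIT = 50 * 1024 * 1024      # "<50M in 24hrs"

# Common Log Format: ip ident user [time] "METHOD path proto" status bytes
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|HEAD) (?P<path>\S+)[^"]*" \d{3} (?P<size>\d+|-)'
)


def parse_clf(line):
    """Return (timestamp, ip, path, bytes), or None if the line does not parse."""
    m = CLF.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    size = 0 if m["size"] == "-" else int(m["size"])
    return ts, m["ip"], m["path"], size


class DownloadGuard:
    """Per-host sliding windows: repeat fetches of one large file, and 24 h volume."""

    def __init__(self):
        self.repeats = defaultdict(deque)   # (ip, path) -> times of large fetches
        self.volume = defaultdict(deque)    # ip -> (time, bytes) of served requests
        self.served = defaultdict(int)      # ip -> bytes served inside DAILY_WINDOW

    def decide(self, ts, ip, path, size):
        """Return (verdict, reason); verdict is 'allow', 'tarpit' or 'block'."""
        vol = self.volume[ip]
        while vol and ts - vol[0][0] > DAILY_WINDOW:       # expire old volume
            self.served[ip] -= vol.popleft()[1]
        if self.served[ip] + size > DAILY_BYTE_LIMIT:
            return "block", "daily-volume"

        verdict, reason = "allow", "ok"
        if size >= LARGE_FILE_BYTES:
            seen = self.repeats[(ip, path)]
            while seen and ts - seen[0] > REPEAT_WINDOW:   # expire old fetches
                seen.popleft()
            if len(seen) >= 2:                             # third request or later
                return "block", "repeat-large-file"
            if len(seen) == 1:                             # second request
                verdict, reason = "tarpit", "repeat-large-file"
            seen.append(ts)

        vol.append((ts, size))     # only requests that were served count as volume
        self.served[ip] += size
        return verdict, reason


def replay(lines):
    """Run log lines through a fresh guard; return (ip, path, verdict, reason) rows."""
    guard = DownloadGuard()
    rows = []
    for line in lines:
        rec = parse_clf(line)
        if rec is not None:
            rows.append((rec[1], rec[2]) + guard.decide(*rec))
    return rows


# Constructed sample log (documentation addresses, made-up paths and sizes).
SAMPLE_LOG = [
    '203.0.113.10 - - [07/Mar/2024:23:00:00 +0000] "GET /files/manual.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [07/Mar/2024:23:05:00 +0000] "GET /files/manual.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [07/Mar/2024:23:10:00 +0000] "GET /files/manual.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [07/Mar/2024:23:15:00 +0000] "GET /files/spice.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [07/Mar/2024:23:20:00 +0000] "GET /files/packages.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [07/Mar/2024:23:25:00 +0000] "GET /files/curves.zip HTTP/1.1" 200 12000000',
    '198.51.100.7 - - [07/Mar/2024:23:30:00 +0000] "GET /index.html HTTP/1.1" 200 4096',
    '198.51.100.7 - - [07/Mar/2024:23:31:00 +0000] "GET /files/manual.zip HTTP/1.1" 200 12000000',
    '203.0.113.10 - - [08/Mar/2024:23:30:00 +0000] "GET /files/manual.zip HTTP/1.1" 200 12000000',
]

if __name__ == "__main__":
    for row in replay(SAMPLE_LOG):
        print(*row)
```

Replaying a log this way only shows which requests would have been slowed or refused; enforcing it needs the same check in front of the file server, where the file size is known before the transfer starts.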
On a sunny day (Sat, 09 Mar 2024 20:59:19 -0500) it happened legg <legg@nospam.magma.ca> wrote in <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>:
> On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
>> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>>> A quick response from the ISP says they're blocking
>>> the three hosts and 'monitoring the situation'.
>>> All the downloading was occurring between certain
>>> hours of the day in sequence - first one host
>>> between 11 and 12pm. One day's rest, then the
>>> second host at the same time on the third day,
>>> then the third host on the fourth day.
>>> Same files 262 times each, 17Gb each.
>>> Not normal web activity, as I know it.
>>> RL
>> Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
> Any idea what's involved - preferably anything that doesn't
> owe to Google?
> ...
> I'd like to limit traffic data volume by any host to <500M,
> or <50M in 24hrs. It's all ftp.
I no longer run an ftp server (for many years now),
the old one here needed a password.
Some parts of my website used to be password protected.
When I ask google for "how to add a captcha to your website"
I see many solutions, for example this:
https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
Maybe some html guru here knows?
> On a sunny day (Sat, 09 Mar 2024 20:59:19 -0500) it happened legg
> <legg@nospam.magma.ca> wrote in <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>:
>> On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>>> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
>>> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>>>> A quick response from the ISP says they're blocking
>>>> the three hosts and 'monitoring the situation'.
>>>> All the downloading was occurring between certain
>>>> hours of the day in sequence - first one host
>>>> between 11 and 12pm. One day's rest, then the
>>>> second host at the same time on the third day,
>>>> then the third host on the fourth day.
>>>> Same files 262 times each, 17Gb each.
>>>> Not normal web activity, as I know it.
>>>> RL
>>> Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
>> Any idea what's involved - preferably anything that doesn't
>> owe to Google?
>> ...
>> I'd like to limit traffic data volume by any host to <500M,
>> or <50M in 24hrs. It's all ftp.
> I no longer run an ftp server (for many years now),
> the old one here needed a password.
> Some parts of my website used to be password protected.
> When I ask google for "how to add a captcha to your website"
> I see many solutions, for example this:
> https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
> Maybe some html guru here knows?
If you can password-protect the pages, why not do that but include the
password in the text so that any human can see it and copy it? i.e.
~~~~~~~~
To prove you are human you must type in the password, the password is
ABC
Password: ___
~~~~~~~~
So far the Chinese are accessing the top level index, where
files are offered for download at a click.
Ideally, if they can't access the top level, a direct address
access to the files might be prevented?
The website's down after a fifth excursion pushed volumes above
85g on a 70G temporary extension. What's the bet it was 17G
accumulated in 262 'visits'.
Can't ID that final host's IP address while I'm locked out.
Luckily (~) for users, you can still access most of the useful
files, updated in January 2024, through the Wayback Machine.
https://web.archive.org/web/20240000000000*/http://www.ve3ute.ca/
Probably the best place for it, in some people's opinion, anyways.
YOU can make stuff available to others, in the future, by
'suggesting' relevant site addresses to the Internet Archive, if they're not
already being covered.
Once a 'captcha' or other security device is added, you can kiss
Wayback updates goodbye, as most bots will get the message.
I don't mind bots - they can do good work.
Pity you can't just put stuff up in the public domain without
this kind of bullshit.
On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid>
wrote:
> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>> A quick response from the ISP says they're blocking
>> the three hosts and 'monitoring the situation'.
>> All the downloading was occurring between certain
>> hours of the day in sequence - first one host
>> between 11 and 12pm. One day's rest, then the
>> second host at the same time on the third day,
>> then the third host on the fourth day.
>> Same files 262 times each, 17Gb each.
>> Not normal web activity, as I know it.
>> RL
> Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
Any idea what's involved - preferably anything that doesn't
owe to Google?
I'd like to limit traffic data volume by any host to <500M,
or <50M in 24hrs. It's all ftp.
Have access to Pldesk, but am unfamiliar with capabilities
and clued out how to do much of anything save file transfer.
On Sun, 10 Mar 2024 06:08:15 GMT, Jan Panteltje <alien@comet.invalid>
wrote:
> On a sunny day (Sat, 09 Mar 2024 20:59:19 -0500) it happened legg
> <legg@nospam.magma.ca> wrote in <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>:
>> On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>>> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
>>> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>>>> A quick response from the ISP says they're blocking
>>>> the three hosts and 'monitoring the situation'.
>>>> All the downloading was occurring between certain
>>>> hours of the day in sequence - first one host
>>>> between 11 and 12pm. One day's rest, then the
>>>> second host at the same time on the third day,
>>>> then the third host on the fourth day.
>>>> Same files 262 times each, 17Gb each.
>>>> Not normal web activity, as I know it.
>>>> RL
>>> Many sites have a 'I'm not a bot' sort of thing you have to go through to get access.
>> Any idea what's involved - preferably anything that doesn't
>> owe to Google?
>> ...
>> I'd like to limit traffic data volume by any host to <500M,
>> or <50M in 24hrs. It's all ftp.
> I no longer run an ftp server (for many years now),
> the old one here needed a password.
> Some parts of my website used to be password protected.
> When I ask google for "how to add a captcha to your website"
> I see many solutions, for example this:
> https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
> Maybe some html guru here knows?
That looks like it's good for accessing an html page.
So far the Chinese are accessing the top level index, where
files are offered for download at a click.
Ideally, if they can't access the top level, a direct address
access to the files might be prevented?
On a sunny day (Sun, 10 Mar 2024 13:47:48 -0400) it happened legg <legg@nospam.magma.ca> wrote in
<t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com>:
> On Sun, 10 Mar 2024 06:08:15 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>> On a sunny day (Sat, 09 Mar 2024 20:59:19 -0500) it happened legg
>> <legg@nospam.magma.ca> wrote in <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>:
>>> On Fri, 08 Mar 2024 06:43:49 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>>>> On a sunny day (Thu, 07 Mar 2024 17:12:27 -0500) it happened legg
>>>> <legg@nospam.magma.ca> wrote in <6lekuihu1heui4th3ogtnqk9ph8msobmj3@4ax.com>:
>>>>> A quick response from the ISP says they're blocking the three hosts
>>>>> and 'monitoring the situation'.
>>>>> All the downloading was occurring between certain hours of the day in
>>>>> sequence - first one host between 11 and 12pm. One day's rest, then
>>>>> the second host at the same time on the third day,
>>>>> then the third host on the fourth day.
>>>>> Same files 262 times each, 17Gb each.
>>>>> Not normal web activity, as I know it.
>>>>> RL
>>>> Many sites have a 'I'm not a bot' sort of thing you have to go
>>>> through to get access.
>>> Any idea what's involved - preferably anything that doesn't owe to
>>> Google?
>>> ...
>>> I'd like to limit traffic data volume by any host to <500M,
>>> or <50M in 24hrs. It's all ftp.
>> I no longer run an ftp server (for many years now),
>> the old one here needed a password.
>> Some parts of my website used to be password protected.
>> When I ask google for "how to add a captcha to your website"
>> I see many solutions, for example this:
>> https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
>> Maybe some html guru here knows?
> That looks like it's good for accessing an html page.
> So far the Chinese are accessing the top level index, where files are
> offered for download at a click.
> Ideally, if they can't access the top level, a direct address access to
> the files might be prevented?
What I am doing now is using a html://mywebsite/pub/ directory with lots
of files in it that I want to publish in for example this newsgroup,
I then just post a direct link to that file.
So it has no index file and no links to it from the main site.
It has many sub directories too.
https://panteltje.nl/pub/GPS_to_USB_module_component_site_IXIMG_1360.JPG
https://panteltje.nl/pub/pwfax-0.1/README
So you need the exact link to access anything
fine for publishing here...
Maybe Usenet conversations are saved somewhere? Google still holds the archive?
I have most postings saved here on the Raspberry Pi4 8GB I am using for
web browsing and Usenet for what I found interesting back to 2006, older
to back 1998 maybe on the old PC upstairs
lots of newsservers came and went over time...
I have backups of my website on harddisk, optical and of course my
hosting provider.
You may find the file:
/etc/hosts.deny
useful in this case, you can block by name(s) or ip(s).
man hosts.deny
for more info
> Got a note from an ISP today indicating that my website
> was suspended due to data transfer over-use for the month. (>50G)
> It's only the 7th day of the month and this hadn't been a
> problem in the 6 years they'd hosted the service.
> Turns out that three Chinese sources had downloaded the same
> set of files, each 262 times. That would do it.
> So, anyone else looking to update bipolar semiconductor,
> packaging or spice parameter spreadsheets; look at K.A.Pullen's
> 'Conductance Design Curve Manual' or any of the other bits
> stored at ve3ute.ca are out of luck, for the rest of the month.
> Seems strange that the same three addresses downloaded the
> same files, the same number of times. Is this a denial of
> service attack?
> RL
Blocking a single IP hasn't worked for my ISP.
Each identical 17G download block (262 visits) was by a new IP
in a completely different location/region.
Beijing, Harbin, Henan, a mobile and a fifth, so far untraced
due to suspension of my site.
On a sunny day (Mon, 11 Mar 2024 06:43:34 -0000 (UTC)) it happened jim whitby
<mr.spock@spockmall.net> wrote in <usm96m$3fkqg$1@dont-email.me>:
> You may find the file:
> /etc/hosts.deny
> useful in this case, you can block by name(s) or ip(s).
> man hosts.deny
> for more info
I wrote a small script years ago using Linux iptables to reject bad IP addresses.
raspberrypi: ~ # cat /usr/local/sbin_pi_95/ireject
# this is called to add an input deny for an IP address to iptables
# (originally ipchains), and save the configuration.
if [ "$1" = "" ]
then
    echo "Usage: reject IP_address"
    exit 1
fi
# OLD ipchains
##ipchains -A input -s $1 -l -j REJECT
#ipchains -L
##ipchains-save > /root/firewall
##echo "reject: ipchains configuration written to /root/firewall"
#iptables -A INPUT -s $1 -p all -j REJECT
#iptables -A INPUT -s $1 -p all -j DROP
# drop everything arriving from the address
echo "executing iptables -A INPUT -s $1 -p all -j DROP"
iptables -A INPUT -s "$1" -p all -j DROP
# on OUTPUT the blocked host is the destination, so match with -d
# (-s never matches packets generated on this machine)
echo "executing iptables -A OUTPUT -d $1 -p all -j REJECT"
iptables -A OUTPUT -d "$1" -p all -j REJECT
# save the rule set so load-firewall can restore it
iptables-save > /root/firewall2
exit 0
There is another one 'load_firewall' somewhere.
raspberrypi: ~ # cat /usr/local/sbin_pi_95/load-firewall
iptables -F
#/sbin/ipchains-restore < /root/firewall
/sbin/iptables-restore < /root/firewall2
There were many many entries in /root/firewall back then, daily work to keep track of attacks.
Now I am on a dynamic IP address and the website is handled by a company,
saves a lot of time.
Things evolve all the time, iptables sets this Raspberry Pi with 8 GB memory as router too,
runs with a Huawei 4G USB stick with IP 192.168.8.100 for net connection, anywhere in Europe I think,
another script:
raspberrypi: # cat /usr/local/sbin/start_4g_router
#!/usr/bin/bash
iptables -F
route add -net 192.168.0.0/16 dev eth0
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING ! -d 192.168.0.0/16 -o eth1 -j SNAT --to-source 192.168.8.100
sleep 1
ifconfig eth0 down
sleep 1
ifconfig eth0 192.168.178.1 up
sleep 1
vnstat -i eth1 -s
sleep 1
# default is set to 192.168.8.1, using 8.8.8.8 and 8.8.4.4 google name server lookup
cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
sleep 1
# reduce swapping
sysctl vm.swappiness=5
echo "ready"
There is more, but then again, things change over time too.
On 3/11/2024 7:40 AM, legg wrote:
> Blocking a single IP hasn't worked for my ISP.
It won't. Even novice users can move to a different IP using readily
available mechanisms.
Whitelisting can work (which is the approach that I use) but
it assumes you know who you *want* to access your site.
(It's a lot harder to guess a permitted IP than it is to avoid
an obviously BLOCKED one!)
> Each identical 17G download block (262 visits) was by a new IP
> in a completely different location/region.
> Beijing, Harbin, Henan, a mobile and a fifth, so far untraced
> due to suspension of my site.
There's a reason things like "captcha" exist.
Note that this still doesn't prevent the *page(s)* from being repeatedly
accessed. But, presumably, their size is considerably smaller than
that of the payloads you want to protect.
OTOH, if someone wants to shut down your account due to an exceeded
quota, they can keep reloading those pages until they've eaten up your
traffic quota. And, "they" can be an automated process!
[Operating a server in stealth mode can avoid this. But, then
you're not "open to the public"! :> ]
> On a sunny day (Sun, 10 Mar 2024 13:47:48 -0400) it happened legg
> <legg@nospam.magma.ca> wrote in <t7rrui5ohh07vlvn5vnl277eec6bmvo4p9@4ax.com>:<snip>
>> On Sun, 10 Mar 2024 06:08:15 GMT, Jan Panteltje <alien@comet.invalid> wrote:
>>> On a sunny day (Sat, 09 Mar 2024 20:59:19 -0500) it happened legg
>>> <legg@nospam.magma.ca> wrote in <u14quid1e74r81n0ajol0quthaumsd65md@4ax.com>:
>>> When I ask google for "how to add a captcha to your website"
>>> I see many solutions, for example this:
>>> https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
>>> Maybe some html guru here knows?
>> That looks like it's good for accessing an html page.
>> So far the Chinese are accessing the top level index, where
>> files are offered for download at a click.
>> Ideally, if they can't access the top level, a direct address
>> access to the files might be prevented?
> What I am doing now is using a html://mywebsite/pub/ directory<snip>
> with lots of files in it that I want to publish in for example this newsgroup,
> I then just post a direct link to that file.
> So it has no index file and no links to it from the main site.
> It has many sub directories too.
> https://panteltje.nl/pub/GPS_to_USB_module_component_site_IXIMG_1360.JPG
> https://panteltje.nl/pub/pwfax-0.1/README
> So you need the exact link to access anything
> fine for publishing here...
Doing some simple experiments by temporarily renaming/replacing
some of the larger files being targeted, just to see how the bot
reacts to the new environment. If they find renamed files it
means something. If visits to get the same 17G alter it means
something else.
This all at the expense and patience of my ISP. Thumbs up there.
On Mon, 11 Mar 2024 07:48:04 -0700, Don Y
<blockedofcourse@foo.invalid> wrote:
> On 3/11/2024 7:40 AM, legg wrote:
>> Blocking a single IP hasn't worked for my ISP.
> It won't. Even novice users can move to a different IP using readily
> available mechanisms.
> Whitelisting can work (which is the approach that I use) but
> it assumes you know who you *want* to access your site.
> (It's a lot harder to guess a permitted IP than it is to avoid
> an obviously BLOCKED one!)
>> Each identical 17G download block (262 visits) was by a new IP
>> in a completely different location/region.
>> Beijing, Harbin, Henan, a mobile and a fifth, so far untraced
>> due to suspension of my site.
> There's a reason things like "captcha" exist.
> Note that this still doesn't prevent the *page(s)* from being repeatedly
> accessed. But, presumably, their size is considerably smaller than
> that of the payloads you want to protect.
> OTOH, if someone wants to shut down your account due to an exceeded
> quota, they can keep reloading those pages until they've eaten up your
> traffic quota. And, "they" can be an automated process!
> [Operating a server in stealth mode can avoid this. But, then
> you're not "open to the public"! :> ]
Doing some simple experiments by temporarily renaming/replacing
some of the larger files being targeted, just to see how the bot
reacts to the new environment. If they find renamed files it
means something. If visits to get the same 17G alter it means
something else.
This all at the expense and patience of my ISP. Thumbs up there.
IME, the hidden google re-captcha works brilliantly against bots.
Presumably by examining the timing. Set the threshold to 0.6 and off
you go. I run a fairly busy tech forum.
Another approach is to put your site behind Cloudflare. For hobby /
noncommercial sites this is free. And you get handy stuff like
- https certificate is done for you
- you can block up to 5 countries (I blocked Russia China and India)
Ideally you should firewall your server to accept web traffic only
from the set of CF IPs, but in practice this is not necessary unless
somebody is out to get you (there are websites which carry IP history
for a given domain, believe it or not!!!)
On 11/03/2024 16:57, legg wrote:
> On Mon, 11 Mar 2024 07:48:04 -0700, Don Y
> <blockedofcourse@foo.invalid> wrote:
>> On 3/11/2024 7:40 AM, legg wrote:
>>> Blocking a single IP hasn't worked for my ISP.
>> It won't. Even novice users can move to a different IP using readily
>> available mechanisms.
>> Whitelisting can work (which is the approach that I use) but
>> it assumes you know who you *want* to access your site.
>> (It's a lot harder to guess a permitted IP than it is to avoid
>> an obviously BLOCKED one!)
>>> Each identical 17G download block (262 visits) was by a new IP
>>> in a completely different location/region.
>>> Beijing, Harbin, Henan, a mobile and a fifth, so far untraced
>>> due to suspension of my site.
>> There's a reason things like "captcha" exist.
>> Note that this still doesn't prevent the *page(s)* from being repeatedly
>> accessed. But, presumably, their size is considerably smaller than
>> that of the payloads you want to protect.
>> OTOH, if someone wants to shut down your account due to an exceeded
>> quota, they can keep reloading those pages until they've eaten up your
>> traffic quota. And, "they" can be an automated process!
>> [Operating a server in stealth mode can avoid this. But, then
>> you're not "open to the public"! :> ]
> Doing some simple experiments by temporarily renaming/replacing
> some of the larger files being targeted, just to see how the bot
> reacts to the new environment. If they find renamed files it
> means something. If visits to get the same 17G alter it means
> something else.
> This all at the expense and patience of my ISP. Thumbs up there.
Why don't you block entire blocks of Chinese IP addresses that contain
the ones that have attacked you until the problem ceases?
eg. add a few banned IP destinations to your .htaccess file
https://htaccessbook.com/block-ip-address/
1.80.*.* thru 1.95.*.*
101.16.*.* thru 101.16.*.*
101.144.*.* thru 101.159.*.*
If you block just a few big chunks it should make some difference.
You might have to inflict a bit of collateral damage in the 101.* range.
Otherwise you are stuck with adding some Captcha type thing to prevent
malicious bots hammering your site. I'm a bit surprised that your ISP
doesn't offer or have site wide countermeasures for such DOS attacks.
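
The three wildcard ranges in the post above, turned into CIDR networks and a deny block, as an added example that is not from the poster. It assumes Apache 2.4 access control (`Require not ip` inside `<RequireAll>`) is what the .htaccess file will use; the helper names are made up for this sketch, and it also handles ranges that do not fall on a single CIDR boundary.

```python
import ipaddress

# Ranges exactly as written in the post above.
POSTED_RANGES = [
    "1.80.*.* thru 1.95.*.*",
    "101.16.*.* thru 101.16.*.*",
    "101.144.*.* thru 101.159.*.*",
]


def wildcard_range(text):
    """'1.80.*.* thru 1.95.*.*' -> (first address, last address) of the range."""
    low, high = (part.strip() for part in text.split("thru"))
    first = ipaddress.IPv4Address(low.replace("*", "0"))
    last = ipaddress.IPv4Address(high.replace("*", "255"))
    if first > last:
        raise ValueError(f"range runs backwards: {text!r}")
    return first, last


def to_networks(ranges):
    """Shortest list of CIDR networks covering every range, overlaps merged."""
    nets = []
    for text in ranges:
        nets.extend(ipaddress.summarize_address_range(*wildcard_range(text)))
    return list(ipaddress.collapse_addresses(nets))


def htaccess_block(networks):
    """Render an Apache 2.4 block that admits everyone except the networks."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)


def is_blocked(addr, networks):
    """True if addr falls inside any blocked network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def addresses_covered(networks):
    """How many addresses the block list takes out (the collateral damage)."""
    return sum(net.num_addresses for net in networks)


if __name__ == "__main__":
    nets = to_networks(POSTED_RANGES)
    print(htaccess_block(nets))
    print("addresses blocked:", addresses_covered(nets))
```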
My ISP has blocked all China IP addresses from accessing the
site.
>>> When I ask google for "how to add a captcha to your website"
>>> I see many solutions, for example this:
>>> https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
>>> Maybe some html guru here knows?
>> That looks like it's good for accessing an html page.
>> So far the Chinese are accessing the top level index, where
>> files are offered for download at a click.
>> Ideally, if they can't access the top level, a direct address
>> access to the files might be prevented?
Using barebones (Netscape) Seamonkey Composer, the Oodlestech
script generates a web page with a 4-figure manually-entered
human test.
How do I get a correct response to open the protected web page?
> What I am doing now is using a html://mywebsite/pub/ directory<snip>
> with lots of files in it that I want to publish in for example this newsgroup,
> I then just post a direct link to that file.
> So it has no index file and no links to it from the main site.
> It has many sub directories too.
> https://panteltje.nl/pub/GPS_to_USB_module_component_site_IXIMG_1360.JPG
> https://panteltje.nl/pub/pwfax-0.1/README
> So you need the exact link to access anything
> fine for publishing here...
The top (~index) web page of my site has lists of direct links
to subdirectories, for double-click download by user.
It also has links to other web pages that, in turn, offer links or
downloads to on-site and off-site locations. A great number of
off-site links are invalid, after ~10-20years of neglect. They'll
probably stay that way until something or somebody convinces me
that it's all not just a waste of time.
At present, I only maintain data links or electronic publications
that need it. This may not be necessary, as the files are generally
small enough for the Wayback machine to have scooped up most of the
databases and spreadsheets. They're also showing up in other places,
with my blessing. Hell - Wayback even has tube curve pages from the
'Conductance Curve Design Manual' - they've got to be buried 4 folders
deep - and each is a hefty image.
Somebody, please tell me the 'Internet Archive' is NOT owned
by Google?
Some off-site links for large image-bound mfr-logo-ident web pages
(c/o geek@scorpiorising) seem already to have introduced a
captcha-type routine. Wouldn't need many bot hits to bump that
location into a data limit. Those pages take a long time
simply to load.
Anyway - how to get the Oodlestech script to open the appropriate
page, after vetting the user as being human?
On 3/11/2024 9:48 AM, legg wrote:
When I ask google for "how to add a captcha to your website"
I see many solutions, for example this:
https://www.oodlestechnologies.com/blogs/create-a-captcha-validation-in-html-and-javascript/
Maybe some html guru here nows?
That looks like it's good for accessing an html page.
So far the chinese are accessing the top level index, where
files are offered for download at a click.
Ideally, if they can't access the top level, a direct address
access to the files might be prevented?
Using barebones (Netscape) Seamonkey Compser, the Oodlestech
script generates a web page with a 4-figure manually-entered
human test.
How do I get a correct response to open the protected web page?
Why not visit a page that uses it and inspect the source?
What I am doing now is using a html://mywebsite/pub/ directory<snip>
with lots of files in it that I want to publish in for example this newsgroup,
I then just post a direct link to that file.
So it has no index file and no links to it from the main site.
It has many sub directories too.
https://panteltje.nl/pub/GPS_to_USB_module_component_site_IXIMG_1360.JPG >>> https://panteltje.nl/pub/pwfax-0.1/README
So you need the exact link to access anything
fine for publishing here...
The top (~index) web page of my site has lists of direct links
to subdirectories, for double-click download by user.
You could omit the actual links and just leave the TEXT for a link
present (i.e., highlight text, copy, paste into address bar) to
see if the "clients" are exploring all of your *links* or are
actually parsing the *text*.
It also has limks to other web pages that, in turn, offer links or
downloads to on-site and off-site locations. A great number of
Whether or not you choose to "protect" those assets is a separate
issue that only you can resolve (what's your "obligation" to a site that >you've referenced on YOUR page?)
off-site links are invalid, after ~10-20years of neglect. They'll
probably stay that way until something or somebody convinces me
that it's all not just a waste of time.
At present, I only maintain data links or electronic publications
that need it. This may not be necessary, as the files are generally
small enough for the Wayback machine to have scooped up most of the
databases and spreadsheets. They're also showing up in other places,
with my blessing. Hell - Wayback even has tube curve pages from the
'Conductance Curve Design Manual' - they've got to be buried 4 folders
deep - and each is a hefty image.
You can see if bitsavers has an interest in preserving them in a
more "categorical" framework.
Somebody, please tell me the 'Internet Archive' is NOT owned
by Google?
Some off-site links for large image-bound mfr-logo-ident web pages
(c/o geek@scorpiorising) seem already to have introduced a
captcha-type routine. Wouldn't need many bot hits to bump that
location into a data limit. Those pages take a long time
simply to load.
There is an art to designing all forms of documentation
(web pages just being one). Too abridged and folks spend forever
chasing links (even if it's as easy as "NEXT"). Too verbose and
the page takes a long time to load.
OTOH, when I'm looking to scrape documentation for <whatever>,
I will always take the "one large document" option, if offered.
It's just too damn difficult to rebuild a site's structure,
off-line, in (e.g.) a PDF. And, load times for large LOCAL documents
are insignificant.
Anyway - how to get the Oodlestech script to open the appropriate
page, after vetting the user as being human?
No examples, there?
Ideally, if they can't access the top level, a direct address
access to the files might be prevented?
Using barebones (Netscape) Seamonkey Composer, the Oodlestech
script generates a web page with a 4-figure manually-entered
human test.
How do I get a correct response to open the protected web page?
Why not visit a page that uses it and inspect the source?
I'm afraid to find out. If it's google product . . . .
What I am doing now is using a html://mywebsite/pub/ directory<snip>
with lots of files in it that I want to publish in for example this newsgroup,
I then just post a direct link to that file.
So it has no index file and no links to it from the main site.
It has many sub directories too.
https://panteltje.nl/pub/GPS_to_USB_module_component_site_IXIMG_1360.JPG
https://panteltje.nl/pub/pwfax-0.1/README
So you need the exact link to access anything
fine for publishing here...
The top (~index) web page of my site has lists of direct links
to subdirectories, for double-click download by user.
You could omit the actual links and just leave the TEXT for a link
present (i.e., highlight text, copy, paste into address bar) to
see if the "clients" are exploring all of your *links* or are
actually parsing the *text*.
After the Chinese IPs were blocked, there was not much more
I could learn by fiddling about. My ISP had to reset the auto
suspension and up the limit with each (failed) iteration.
The current block is considered as dusting of the hands.
Case closed.
Somebody, please tell me the 'Internet Archive' is NOT owned
by Google?
Some off-site links for large image-bound mfr-logo-ident web pages
(c/o geek@scorpiorising) seem already to have introduced a
captcha-type routine. Wouldn't need many bot hits to bump that
location into a data limit. Those pages take a long time
simply to load.
There is an art to designing all forms of documentation
(web pages just being one). Too abridged and folks spend forever
chasing links (even if it's as easy as "NEXT"). Too verbose and
the page takes a long time to load.
The problem with mfr logo ident is the raw volume of tiny images.
Don't recall if an epub version was made - I think, if anything,
that attempt just made a bigger file . . . .
Slow as it is - it's already split up alpha numerically into six
sections . . . .
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
On Tue, 12 Mar 2024 12:54:06 +0000, Peter <occassionally-confused@nospam.co.uk> wrote:
IME, the hidden google re-captcha works brilliantly against bots.
Presumably by examining the timing. Set the threshold to 0.6 and off
you go. I run a fairly busy tech forum.
Another approach is to put your site behind Cloudflare. For hobby /
noncommercial sites this is free. And you get handy stuff like
- https certificate is done for you
- you can block up to 5 countries (I blocked Russia China and India)
Ideally you should firewall your server to accept web traffic only
from the set of CF IPs, but in practice this is not necessary unless
somebody is out to get you (there are websites which carry IP history
for a given domain, believe it or not!!!)
My ISP has finally blocked all China IP addresses from accessing the
site.
Maybe that's what the bots want; who knows.
Haven't had access to the site to find out what the practical result
is, yet.
RL
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
For example I run some sites and paid someone 1k or so to develop a
graphical captcha. It displayed two numbers as graphic images and you
had to enter their product e.g. 12 x 3 = 36.
A friend who is an expert at unix spent just a few mins on a script
which used standard unix utilities to do OCR on the page, and you can
guess the rest.
Maybe consider hosting the web server yourself, using a virtual machine/Proxmox
as the host and a Cloudflare tunnel for security:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
You could always have a question which involved correcting the English grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
You could always have a question which involved correcting the English
grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
I operate a server in stealth mode; it won't show up on
network probes so robots/adversaries just skip over the
IP and move on to others. Folks who *should* be able to
access it know how to "get its attention".
liz@poppyrecords.invalid.invalid (Liz Tuddenham) wrote:
You could always have a question which involved correcting the English
grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
Yeah; like 95% ;)
Don Y <blockedofcourse@foo.invalid> wrote:
I operate a server in stealth mode; it won't show up on
network probes so robots/adversaries just skip over the
IP and move on to others. Folks who *should* be able to
access it know how to "get its attention".
Port knocking ;)
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
You could always have a question which involved correcting the English grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
On 2024-03-15 12:33, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
I operate a server in stealth mode; it won't show up on
network probes so robots/adversaries just skip over the
IP and move on to others. Folks who *should* be able to
access it know how to "get its attention".
What is "stealth mode", what do you do?
Port knocking ;)
I was thinking of using a high port. I do that.
Don Y <blockedofcourse@foo.invalid> wrote:
I operate a server in stealth mode; it won't show up on
network probes so robots/adversaries just skip over the
IP and move on to others. Folks who *should* be able to
access it know how to "get its attention".
Port knocking ;)
On 3/15/2024 3:41 AM, Liz Tuddenham wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
You could always have a question which involved correcting the English grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
Require visitors to insert correct punctuation:
John had had had had had had had a better effect
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/15/2024 3:41 AM, Liz Tuddenham wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
You could always have a question which involved correcting the English
grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
Require visitors to insert correct punctuation:
John had had had had had had had a better effect
"He helped his Uncle Jack off a horse."
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/15/2024 3:41 AM, Liz Tuddenham wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
On 3/14/2024 9:26 AM, Peter wrote:
Don Y <blockedofcourse@foo.invalid> wrote:
(Without having seen them...) Can you create a PNG of a group
of them arranged in a matrix. Then, a map that allows clicking
on any *part* of the composite image to provide a more detailed
"popup" to inspect?
I.e., each individual image is a trip back to the server to
fetch that image. A single composite could reduce that to
one fetch with other actions conditional on whether or not
the user wants "more/finer detail"
All of this "graphical captcha" stuff is easy to hack if somebody is
out to trash *your* site.
If you are *targeted*, then all bets are off. At the end of the
day, your adversary could put a REAL HUMAN to the task of hammering
away at it.
You could always have a question which involved correcting the English
grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
Require visitors to insert correct punctuation:
John had had had had had had had a better effect
"He helped his Uncle Jack off a horse."
Port knocking ;)
I was thinking of using a high port. I do that.
You could always have a question which involved correcting the English
grammar of a sentence, but that might eliminate far more of your
visitors than you intended.
Yeah; like 95% ;)
[Said in best posh English accent]
Did you meean: "Yes; for instance 95%" ? :-)
Then, DON'T acknowledge the packet. Pretend the network
cable is terminated in dead air.
On 3/14/2024 2:37 PM, bitrex wrote:
Maybe consider hosting the web server yourself, using a virtual
machine/Proxmox as the host and a Cloudflare tunnel for security:
The advantage is that you can institute whatever policies you want.
The DISadvantage is that YOU have to implement those policies!
And, nothing prevents your site from being targeted for a [D]DoS
attack, etc. Or, any other behavior that increases the cost to
you (in terms of your effort or servicing/hosting fees from
provider(s)).
It's often easier (less hassle) to just avail yourself of some
free service to host the content and let THEM worry about
these issues. (unless you enjoy dicking with this sort of thing)
Don Y <blockedofcourse@foo.invalid> wrote:
Then, DON'T acknowledge the packet. Pretend the network
cable is terminated in dead air.
Can you actually do that, with a standard server? Normally every
TCP/IP packet is acked. This is deep in the system.
UDP isn't, which is why port knocking works so well.
"Carlos E.R." <robin_listas@es.invalid> wrote:
Port knocking ;)
I was thinking of using a high port. I do that.
The sniffer will find any port # in a few more seconds...
On 3/14/2024 9:26 PM, Don Y wrote:
On 3/14/2024 2:37 PM, bitrex wrote:
Maybe consider hosting the web server yourself, using a virtual
machine/Proxmox as the host and a Cloudflare tunnel for security:
The advantage is that you can institute whatever policies you want.
The DISadvantage is that YOU have to implement those policies!
And, nothing prevents your site from being targeted for a [D]DoS
attack, etc. Or, any other behavior that increases the cost to
you (in terms of your effort or servicing/hosting fees from
provider(s)).
It's often easier (less hassle) to just avail yourself of some
free service to host the content and let THEM worry about
these issues. (unless you enjoy dicking with this sort of thing)
OK, don't have to self-host. There are possible privacy/security concerns using
Cloudflare for private data/WAN applications but for public-facing generally static web pages it seems like a no-brainer, they have pretty generous free plans.
Can you actually do that, with a standard server? Normally every
TCP/IP packet is acked. This is deep in the system.
You have to rewrite your stack. *You* have to handle raw
packets instead of letting services (or the "super server")
handle them for you.
Don Y <blockedofcourse@foo.invalid> wrote:
Can you actually do that, with a standard server? Normally every
TCP/IP packet is acked. This is deep in the system.
You have to rewrite your stack. *You* have to handle raw
packets instead of letting services (or the "super server")
handle them for you.
OK, so this is very rare.
"Carlos E.R." <robin_listas@es.invalid> wrote:
Port knocking ;)
I was thinking of using a high port. I do that.
The sniffer will find any port # in a few more seconds...
On 2024-03-15 16:55, Peter wrote:
"Carlos E.R." <robin_listas@es.invalid> wrote:
Port knocking ;)
I was thinking of using a high port. I do that.
The sniffer will find any port # in a few more seconds...
Actually it takes longer than that. So far, no hits; and I would notice when someone tries to login on ssh.
Of course, one can defend the fort from casual attackers, not from determined attackers; those will eventually find a way.
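On the question raised earlier in the thread (how to get a correct answer to open the protected page, and whether direct address access to the files can be prevented): a check done only in the page's JavaScript cannot stop a client that requests a file's address directly, so the server has to do the checking. The sketch below is an added example, not part of any post and not the Oodlestech script; the secret, the `/pub/` prefix, the 10-minute lifetime and all function names are assumptions.

```javascript
// Added example: server-side gate for downloads (hypothetical names throughout).
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // known only to the server
const TTL_MS = 10 * 60 * 1000;           // assumed lifetime: 10 minutes
const PROTECTED_PREFIX = '/pub/';        // hypothetical download directory

function mac(text) {
  return crypto.createHmac('sha256', SECRET).update(text).digest('hex');
}

// Constant-time comparison; timingSafeEqual needs equal-length buffers.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Split "expiry.mac" and reject malformed or expired values.
function parse(value, now) {
  const [expires, tag] = String(value).split('.');
  if (!tag || !/^\d+$/.test(expires) || Number(expires) < now) return null;
  return { expires, tag };
}

// Step 1: the server picks the 4-figure code. The page shows `code` to the
// visitor (as an image) and carries `handle` in a hidden form field.
function newChallenge(now = Date.now()) {
  const code = String(crypto.randomInt(0, 10000)).padStart(4, '0');
  const expires = now + TTL_MS;
  return { code, handle: `${expires}.${mac(`challenge|${code}|${expires}`)}` };
}

// Step 2: the form posts back to the server, which checks the answer and,
// if it is right, returns a pass token bound to the client address.
function checkAnswer(handle, answer, clientIp, now = Date.now()) {
  const h = parse(handle, now);
  if (!h || !/^\d{4}$/.test(String(answer))) return null;
  if (!safeEqual(h.tag, mac(`challenge|${answer}|${h.expires}`))) return null;
  const expires = now + TTL_MS;
  return `${expires}.${mac(`pass|${clientIp}|${expires}`)}`;
}

// Step 3: every request is checked, so typing a file's address directly
// gets 403 unless a valid pass token (e.g. from a cookie) comes with it.
function gate(urlPath, token, clientIp, now = Date.now()) {
  if (!urlPath.startsWith(PROTECTED_PREFIX)) return 200;
  const t = parse(token, now);
  if (!t) return 403;
  return safeEqual(t.tag, mac(`pass|${clientIp}|${t.expires}`)) ? 200 : 403;
}
```

A 4-figure code allows only 10,000 answers and a solved handle stays valid until it expires, so the answer endpoint still needs per-address rate limiting; the gate only guarantees that the check cannot be skipped.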