Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SJTUG 镜像服务管理日志 | Report of Abuse in SJTUG Mirror Service #196

Open
skyzh opened this issue Jun 15, 2021 · 16 comments
Open

SJTUG 镜像服务管理日志 | Report of Abuse in SJTUG Mirror Service #196

skyzh opened this issue Jun 15, 2021 · 16 comments

Comments

@skyzh
Copy link
Member

skyzh commented Jun 15, 2021
edited
Loading

这个 issue 会记录滥用 SJTUG 镜像站的行为,和相应的处理措施。如果您的 IP 或特征出现在这个列表中,请邮件联系我们解封。

This issue records abuse of SJTUG Mirror Service. If you find yourself in this list, please email us to unblock.
@sjtug sjtug locked as resolved and limited conversation to collaborators Jun 15, 2021
@skyzh
Copy link
Member Author

skyzh commented Jun 15, 2021
edited
Loading

日期: 2021-06-15
操作: 通过 iptables 封禁 IP 119.167.161.101 119.167.161.133 访问 siyuan mirror server
原因: 发送数百万请求访问 /opensuse/distribution/leap/15.3/appliances/iso/openSUSE-Leap-15.3-GNOME-Live-x86_64-Build9.88-Media.iso,影响镜像站服务器的正常服务。

@skyzh skyzh pinned this issue Jun 15, 2021
@skyzh
Copy link
Member Author

skyzh commented Jun 21, 2021
edited
Loading

日期: 2021-06-21
事件: 发现 119.167.161.101 119.167.161.133 119.167.161.165 发送数十万请求下载 Qt 安装包。疑似使用多线程下载工具。
操作: 虽然不是对 SJTUG 镜像服务的滥用行为,但可能对服务器造成一定的压力。等 ELK infra 升级后针对 UA 进行封禁和提示。目前暂时不做操作。

@skyzh
Copy link
Member Author

skyzh commented Jun 24, 2021

日期: 2021-06-23
事件: 发现 117.26.48.223 对 cpan 目录渗透测试扫描漏洞,发送数千万请求,对服务器造成一定压力。
建议: 对于 cpan 目录,SJTUG 镜像站仅提供静态文件服务,对于此目录的渗透测试通常不会有效果。
操作: 暂时不做操作。之后在用户协议中会写明进行渗透测试所需要的步骤。建议提前通过邮件联系 SJTUG 镜像站维护者,并挑选服务器压力较小的时间段测试。

@skyzh
Copy link
Member Author

skyzh commented Jul 7, 2021

日期: 2021-07-07
事件: 发现 119.167.161.101 119.167.161.133 119.167.161.165 长期发送数十万请求下载 Qt 安装包。
操作: 为了缓解日志服务的压力,通过 iptables 封禁 IP 119.167.161.101 119.167.161.133 119.167.161.165 访问 zhiyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Jul 10, 2021
edited
Loading

日期: 2021-07-10
事件: 发现 220.177.83.178 反复下载 /centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso,一天跑掉 3TB 流量。
操作: 通过 iptables 封禁 220.177.83.178 访问 siyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Jul 10, 2021
edited
Loading

日期: 2021-07-10
事件: 发现 210.30.209.157 发数十万请求下载不存在的 /qt/official_releases/qt/5.9/5.9.9/single/qt-everywhere-opensource-src-5.9.9.zip
操作:通过 iptables 封禁 210.30.209.157 访问 zhiyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Jul 13, 2021

日期: 2021-07-13
事件: 发现 1.80.80.146 发送大量非正常访问的请求。
操作: 没有对服务器造成太大压力,不作处理。

@skyzh
Copy link
Member Author

skyzh commented Jul 21, 2021

日期: 2021-07-21
事件: 发现 220.94.163.18 发送数千万请求下载 flathub 内容,疑似在进行镜像。
操作: 不作处理。
建议: 通过 ostree 做 flathub 镜像效率极低,因此我们建议在正常使用过程中按需缓存。

@skyzh
Copy link
Member Author

skyzh commented Jul 24, 2021

日期: 2021-07-25
事件: 发现 113.88.12.160113.110.228.64 发送数十万请求下载不存在的 /qt/official_releases/qt/5.9/5.9.9/single/qt-everywhere-opensource-src-5.9.9.zip
操作:通过 iptables 封禁 113.88.12.160113.110.228.64 访问 zhiyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Jul 31, 2021
edited
Loading

日期: 2021-07-31
事件: 发现 36.152.11.198 发送大量请求下载 docker 内容,其中大部分 manifest 都不存在,属于滥用反代的行为。
操作: 通过 iptables 封禁 36.152.11.198 访问 zhiyuan + siyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Jul 31, 2021

日期: 2021-07-31
事件: 发现 114.112.77.164 请求 /fedora/epel/7/x86_64/repodata/repomd.xml 数十万次。
操作: 通过 iptables 封禁 114.112.77.164 访问 siyuan mirror server

@skyzh skyzh changed the title SJTUG 镜像服务管理日志 SJTUG 镜像服务管理日志 | Report of Abuse in SJTUG Mirror Service Jul 31, 2021
@skyzh
Copy link
Member Author

skyzh commented Aug 4, 2021

日期: 2021-08-04
事件: 发现 220.177.83.112 下载 /centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso 跑掉 2TB 流量。
操作: 通过 iptables 封禁 220.177.83.112 访问 siyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Aug 18, 2021

日期: 2021-08-18
事件: 发现 120.229.95.180 在 AlmaLinux 下发送数十万请求。
操作: 警告。同步前请邮件镜像站管理员。

@skyzh
Copy link
Member Author

skyzh commented Sep 11, 2021

日期: 2021-09-11
时间: 发现 220.177.83.170 下载 /centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso 跑掉 2TB 流量。
操作: 通过 iptables 封禁 220.177.83.170 访问 siyuan mirror server

@skyzh
Copy link
Member Author

skyzh commented Sep 13, 2021

由于 220.177.83.0/24 长期的滥用行为,该 IP 段已经被两台服务器同时封禁。

@skyzh
Copy link
Member Author

skyzh commented Nov 4, 2021
edited
Loading

日期: 2021-11-04
事件: 发现 112.45.16.199 112.45.16.198 发送大量请求下载 /centos/8.4.2105/isos/x86_64/CentOS-8.4.2105-x86_64-dvd1.iso
操作: 通过 iptables 封禁 112.45.16.0/24

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skyzh