Requests from Microsoft IP Addresses
Torbjörn Granlund
tg at gmplib.org
Sat Jun 17 16:12:14 CEST 2023
Mike Blacker <mikeblacker at github.com> writes:
Microsoft and GitHub have investigated the issue and determined that a
Github user updated a script within the FFMPeg-Builds project that pulled
content from https://gmplib.org. This build was configured to run parallel
simultaneous tests on 100 different types of computers/architectures. This
activity does not appear to be nefarious. GMPLIB appears to have limited
infrastructure that could not sustain the limited, yet simultaneous
requests.
Note that this abusive traffic is still ongoing, but it is subsiding as
I keep adding more and more Microsoft subnets to the firewall rules. I
have much better things to do than defend a public service web server
against corporate abuse!
What would you advise me to do, should I contact a US lawyer and have
them send a cease and desist letter?
I've copied a short excerpt from the current logs (these subnets are now
going into the firewall rules too, of course). Last afternoon (UTC) it
was about 10 times worse than shown here.
These logs are only the ones which repeatedly downloads large parts of
the repository. There are many other indefinitely repeated requests,
but these below are the ones which really cause significant CPU load and
network traffic.
20.57.73.47 - - [17/Jun/2023:15:28:49 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788851 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:28:58 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788842 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:29:45 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5789473 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.57.73.47 - - [17/Jun/2023:15:30:06 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 14612259 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:30:15 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788753 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:30:35 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788836 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
172.176.188.82 - - [17/Jun/2023:15:31:31 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788889 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:31:36 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788866 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:31:45 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788864 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:31:50 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788767 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
172.177.96.47 - - [17/Jun/2023:15:32:09 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5790455 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:32:31 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788838 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:33:22 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788838 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:33:44 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788851 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
65.52.35.13 - - [17/Jun/2023:15:33:50 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 14613459 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
--
Torbjörn
Please encrypt, key id 0xC8601622
More information about the gmp-devel
mailing list