Requests from Microsoft IP Addresses

Torbjörn Granlund tg at gmplib.org
Sat Jun 17 16:12:14 CEST 2023 

Mike Blacker <mikeblacker at github.com> writes:

  Microsoft and GitHub have investigated the issue and determined that a
  Github user updated a script within the FFMPeg-Builds project that pulled
  content from https://gmplib.org. This build was configured to run parallel
  simultaneous tests on 100 different types of computers/architectures. This
  activity does not appear to be nefarious. GMPLIB appears to have limited
  infrastructure that could not sustain the limited, yet simultaneous
  requests.

Note that this abusive traffic is still ongoing, but it is subsiding as
I keep adding more and more Microsoft subnets to the firewall rules.  I
have much better things to do than defend a public service web server
against corporate abuse!

What would you advise me to do, should I contact a US lawyer and have
them send a cease and desist letter?

I've copied a short excerpt from the current logs (these subnets are now
going into the firewall rules too, of course).  Last afternoon (UTC) it
was about 10 times worse than shown here.

These logs are only the ones which repeatedly downloads large parts of
the repository.  There are many other indefinitely repeated requests,
but these below are the ones which really cause significant CPU load and
network traffic.

20.57.73.47 - - [17/Jun/2023:15:28:49 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788851 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:28:58 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788842 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:29:45 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5789473 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.57.73.47 - - [17/Jun/2023:15:30:06 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 14612259 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:30:15 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788753 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:30:35 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788836 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
172.176.188.82 - - [17/Jun/2023:15:31:31 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788889 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:31:36 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788866 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:31:45 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788864 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.185.158.94 - - [17/Jun/2023:15:31:50 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788767 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
172.177.96.47 - - [17/Jun/2023:15:32:09 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5790455 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:32:31 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788838 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.172.10.64 - - [17/Jun/2023:15:33:22 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788838 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
20.49.37.18 - - [17/Jun/2023:15:33:44 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 5788851 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"
65.52.35.13 - - [17/Jun/2023:15:33:50 +0200] "GET /repo/gmp/?cmd=getbundle HTTP/1.1" 200 14613459 "-" "mercurial/proto-1.0 (Mercurial 6.3.2)"


-- 
Torbjörn
Please encrypt, key id 0xC8601622

More information about the gmp-devel mailing list