Re: Chinese downloads overloading my website

On Fri, 8 Mar 2024 11:16:46 +0000, Martin Brown
<'''newspam'''@nonad.co.uk> wrote:

On 07/03/2024 17:49, legg wrote:

Got a note from an ISP today indicating that my website
was suspended due to data transfer over-use for the month. (>50G)
It's only the 7th day of the month and this hadn't been a
problem in the 6 years they'd hosted the service.
 Turns out that three chinese sources had downloaded the same
set of files, each 262 times. That would do it.

>
Much as I *hate* Captcha this is the sort of DOS attack that it helps to prevent. The other option is to add a script to tarpit or block completely second or third requests for the same large files coming from the same IP address occurring within the hour.
>

So, anyone else looking to update bipolar semiconductor,
packaging or spice parameter spreadsheets; look at K.A.Pullen's
'Conductance Design Curve Manual' or any of the other bits
stored at ve3ute.ca are out of luck, for the rest of the month .
 Seems strange that the same three addresses downloaded the
same files, the same number of times. Is this a denial of
service attack?

>
Quite likely. Your ISP should be able to help you with this if they are any good. Most have at least some defences against ridiculous numbers of downloads or other traffic coming from the same bad actor source.
>
Provided that you don't have too many customers in mainland china blacklist the main zones of their IP address range:
>
https://lite.ip2location.com/china-ip-address-ranges?lang=en_US
>
One rogue hammering your site is just run of the mill bad luck but three of them doing it in quick succession looks very suspicious to me.

Beijin, Harbin and roaming.
Yeah. You gotta ask yourself; what's the friggin' point?
RL