|
Title: Changes to our handling of rogue requests Post by: grahame on December 01, 2020, 10:29:34 I have updated our server and there's now a new (and far cheaper) error page send out to visitors from blacklisted remote address ranges. A cheap error page rather than returning a real response saves our admin team from having trawl through thousands of sign up requests, saves our server resources for use on handling real requests, and saves us from most attempts to inject code or content into our systems.
The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak. And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out. If you get a page like this - zero 'blame' on you. It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times. Quote Description You have asked for /error/errorpage.php You have asked of (our server) vcrp.uk [88.202.183.177] on port 80 You have asked from (client) 77.101.27.190 You have asked using the GET method and HTTP/1.1 protocol Your browser is Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15 You were referred here from http://vcrp.uk/ You received response code 200 ( OK ) at 10:15 on 1 Dec 20 If you think you should have received a real page - please contact me - graham/at/wellho/dot/net Please copy and paste the description (above) in your email so I can resolve any problem. Thank You. We are always tuning things but we do need to keep some sort of traffic filter in place - both for the sake of our server, and our admin sanity too. Here's an example of a "Denial of Service" attack last night (IP addresses obfurscated) (http://www.wellho.net/pix/innight20201201.jpg) And here you can see how much we slashed the system load when we changed to the cheap blacklist (thicker black line is today ... other colours are previous days) (http://www.wellho.net/pix/innightb20201201.jpg) Title: Re: Changes to our handling of rogue requests Post by: grahame on June 16, 2022, 06:28:16 The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak. And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out. If you get a page like this - zero 'blame' on you. It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times. A couple of reports over recent days - so I have cleared most of the older records from the blacklist and have a "watching brief". Hopefully the issues will be back to "very occasional" and the extra work on the admins to clear rogue sign-up requests will not be too great. I do have a backup of the old blacklist in case it needs re-instating. This page is printed from the "Coffee Shop" forum at http://gwr.passenger.chat which is provided by a customer of Great Western Railway. Views expressed are those of the individual posters concerned. Visit www.gwr.com for the official Great Western Railway website. Please contact the administrators of this site if you feel that content provided contravenes our posting rules ( see http://railcustomer.info/1761 ). The forum is hosted by Well House Consultants - http://www.wellho.net |