I did that but don't think it will catch them all. I had a list of 100 individual ones, see below. Can you recognize subnets in them? blacklist: - subnet: 82.179.176.44 - subnet: 83.230.127.124 - subnet: 88.2.234.60 - subnet: 128.10.19.53 - subnet: 128.84.154.45 - subnet: 128.42.142.44 - subnet: 128.36.233.154 - subnet: 128.111.52.59 - subnet: 128.114.63.64 - subnet: 128.138.207.45 - subnet: 128.227.150.12 - subnet: 128.208.4.198 - subnet: 128.151.65.101 - subnet: 128.223.8.112 - subnet: 128.232.103.201 - subnet: 129.10.120.194 - subnet: 129.15.78.30 - subnet: 129.74.74.20 - subnet: 129.82.12.188 - subnet: 129.93.229.139 - subnet: 129.97.74.14 - subnet: 129.108.202.11 - subnet: 129.130.252.140 - subnet: 129.237.161.194 - subnet: 130.37.193.143 - subnet: 130.83.166.243 - subnet: 130.104.72.213 - subnet: 130.216.1.22 - subnet: 130.253.21.123 - subnet: 130.195.4.68 - subnet: 130.237.50.125 - subnet: 131.179.150.72 - subnet: 131.188.44.102 - subnet: 132.65.240.100 - subnet: 132.72.23.10 - subnet: 132.170.3.32 - subnet: 132.181.10.56 - subnet: 133.1.74.163 - subnet: 133.15.59.2 - subnet: 133.68.253.242 - subnet: 134.151.255.181 - subnet: 138.4.0.120 - subnet: 138.251.214.78 - subnet: 136.159.220.40 - subnet: 138.48.3.202 - subnet: 139.78.141.245 - subnet: 139.165.12.211 - subnet: 140.109.17.181 - subnet: 140.112.107.82 - subnet: 140.123.230.248 - subnet: 141.11.0.162 - subnet: 141.20.103.211 - subnet: 141.219.252.133 - subnet: 142.103.2.2 - subnet: 143.89.49.73 - subnet: 143.225.229.238 - subnet: 155.245.47.225 - subnet: 155.246.12.163 - subnet: 156.56.250.226 - subnet: 156.62.231.244 - subnet: 157.92.44.101 - subnet: 160.80.221.39 - subnet: 161.106.240.19 - subnet: 169.226.40.2 - subnet: 169.229.50.15 - subnet: 165.91.55.8 - subnet: 165.230.49.115 - subnet: 192.1.249.138 - subnet: 192.12.33.102 - subnet: 192.16.125.11 - subnet: 192.38.109.144 - subnet: 192.41.135.219 - subnet: 192.42.43.23 - subnet: 192.107.171.145 - subnet: 193.1.201.27 - subnet: 193.138.2.13 - subnet: 193.196.39.9 - subnet: 193.167.187.185 - subnet: 193.136.19.13 - subnet: 193.166.167.5 - subnet: 193.205.215.74 - subnet: 193.226.19.31 - subnet: 194.29.178.13 - subnet: 194.167.254.19 - subnet: 194.254.215.12 - subnet: 195.130.124.1 - subnet: 198.82.160.221 - subnet: 200.0.206.137 - subnet: 200.0.206.168 - subnet: 200.17.202.195 - subnet: 200.129.132.19 - subnet: 202.23.159.52 - subnet: 202.125.215.12 - subnet: 202.237.248.222 - subnet: 202.249.37.67 - subnet: 203.110.240.190 - subnet: 203.178.133.2 - subnet: 212.51.218.235 - subnet: 213.73.40.106 - subnet: 213.131.1.101
Thanks Kate On Thursday, August 9, 2012 2:37:48 PM UTC-4, alex wrote: > > well, while you're notifying planetlab and whatnot you could create and > upload a dos.yaml for the time being with a content similar to this: > > blacklist: > - subnet: 132.65.0.0/16 > - subnet: 133.0.0.0/8 > description: somewhere in china > - subnet: 136.159.0.0/16 > - subnet: 138.250.0.0/15 > - subnet: 138.48.0.0/16 > - subnet: 139.165.0.0/16 > - subnet: 141.219.252.0/24 > - subnet: 193.1.0.0/16 > description: planetlab > - subnet: 193.136.16.0/24 > - subnet: 193.166.167.0/24 > - subnet: 195.130.124.0/22 > - subnet: 200.17.192.0/19 > > > - put that file in your app root dir and do something like this from a > terminal: > > "appcfg.py update_dos ." > > > On Thursday, August 9, 2012 6:13:14 PM UTC+2, Kate wrote: >> >> They are not coming from the same IP. They are mostly in Europe but there >> are no subnets. >> >> There are hundreds of them and google only lets you block 100. >> >> eg >> >> 132.65.240.100 >> 133.15.59.2 >> 193.136.19.13 >> 139.165.12.211 >> 193.166.167.5 >> 141.219.252.133 >> 200.17.202.195 >> 195.130.124.1 >> 193.1.201.27 >> 138.48.3.202 >> 136.159.220.40 >> 138.251.214.78 >> >> >> all these and more within a minute. >> >> They are all different. >> >> Kate >> >> >> >> On Thursday, August 9, 2012 9:55:29 AM UTC-4, alex wrote: >>> >>> Kate, >>> >>> If barryhunter is right and all the IPs are coming from the same ISP >>> anyway, you can simply block the whole subnetwork ranges of that ISP (at >>> least temporary) using dos.yaml: >>> https://developers.google.com/appengine/docs/python/config/dos >>> >>> It'll be pain in the ass updating the file every time you encounter new >>> subnets but at least you could probably save some quota 'till you move >>> somewhere else or figure something out. >>> >>> -- alex >>> >>> On Thursday, August 9, 2012 1:59:57 PM UTC+2, Kate wrote: >>>> >>>> Hi Sergey, >>>> >>>> Here is a typical example >>>> 2012-08-09 06:51:16.597 / 302 30ms 0kb curl/7.18.2 >>>> (i386-redhat-linux-gnu) libcurl/7.18.2 NSS/3.12.2.0 zlib/1.2.3 >>>> libidn/0.6.14 libssh2/0.18 >>>> 202.125.215.12 - - [09/Aug/2012:04:51:16 -0700] "HEAD / HTTP/1.1" 302 >>>> 153 - "curl/7.18.2 (i386-redhat-linux-gnu) libcurl/7.18.2 >>>> NSS/3.12.2.0zlib/1.2.3 libidn/0.6.14 libssh2/0.18" " >>>> aussieclouds.appspot.com" ms=31 cpu_ms=0 api_cpu_ms=0 cpm_usd=0.000049 >>>> instance=00c61b117c2f994812ed63184c9c5544dea738 >>>> >>>> But the ip address varies. My code forces 302 response. Before I added >>>> the code they were throwing errors head method not found. But even though >>>> I >>>> am doing the 303 I am still getting front end time exceeded and these >>>> requests are taking up about 95% of my quota. So to keep the site alive I >>>> would have to pay for them, I have lost most of my European and Australian >>>> visitors because the site is down every night during those places daylight >>>> hours. Obviously I can't continue like this and so will have to move to a >>>> provider capable of blocking these requests, >>>> >>>> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/7Ew0224g35kJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
