| Last night, a single user (or, at least, a single IP address) | in China that self-identified as running windows98 and | Mozilla 4.0 attempted to download sqlite-3.3.12.tar.gz | 24980 times and sqlite-source-3_3_12.zip 25044 times | over about a 5 hour period, sucking up significant | bandwidth in the process. | | I've seen this type of thing before and have on occasion | banned specific IP addresses from the website using | | iptables -A INPUT -s <ipaddress> -j DROP | | But lately, there have been so many problems coming from | win98 and moz4 that I'm thinking of banning all traffic | that self-identifies as such in the User-Agent string of | the HTTP header.
Given 50K attempts in 5 hours, this is either a bug somewhere or it's automated, likely the latter. In that case, dropping packets based on the User-Agent isn't going to fix the problem - especially if it's mentioned here... It's more work, but something that monitors your log file and selectively bans IP addresses and/or throttles download speed (keeping the connection open), might serve you better. Terry ----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] -----------------------------------------------------------------------------
