Root cause of these and others is an ongoing DDoS of RuleQA, coming mostly from Huawei Cloud IPs hitting ruleqa.cgi with stupid queries. Possibly AI crawlers. There were some 'Require not ip' entries in the .htaccess for the worst offenders, but doing that at the HTTP level was still too rough on the machine, so I've inserted the lot at the top of the INPUT chain in iptables. I have also reduced the TCP close/fin/time wait times to clear out dead sessions faster.

Both of these are ephemeral changes which will go away at reboot, which is fine as they are easy to redo if we still need them after the next reboot, i.e. if the bots have given up.

Load avg. is now below 1.0.


On 2025-05-15 at 17:16:40 UTC-0400 (Thu, 15 May 2025 21:16:40 +0000 (UTC))
Cron Daemon <sysadmins@spamassassin.apache.org>
is rumored to have said:

svn: E170013: Unable to connect to a repository at URL 'http://svn.apache.org/repos/asf/spamassassin/site/updates'
svn: E670003: Temporary failure in name resolution


--
 Bill Cole
 b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses)
 Not Currently Available For Hire
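
The move from `.htaccess` to iptables described in the message above, as an added example that is not part of the original message and not the commands actually run on the host: it converts Apache `Require not ip` entries into rules inserted at the top of the INPUT chain and prints them for review instead of executing them. The function names, the `DROP` target and the sample addresses (documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: turn Apache "Require not ip" entries into iptables commands.
# The commands are printed, not executed, so they can be reviewed first.

# Constructed sample .htaccess content (documentation address ranges only).
sample_htaccess() {
cat <<'EOF'
# constructed sample, not the real RuleQA .htaccess
<RequireAll>
    Require all granted
    Require not ip 192.0.2.0/24 198.51.100.7
    require not ip 2001:db8::/32
    Require not ip 203.0.113
    Require not ip 198.51.100.7
</RequireAll>
EOF
}

# htaccess_to_iptables: reads .htaccess text on stdin, writes one line per address.
htaccess_to_iptables() {
    awk '
    # Directive names are case-insensitive; one directive may list several addresses.
    tolower($1) == "require" && tolower($2) == "not" && tolower($3) == "ip" {
        for (i = 4; i <= NF; i++) {
            addr = $i
            if (seen[addr]++) continue      # emit each address only once
            if (addr ~ /:/ && addr ~ /^[0-9A-Fa-f:]+(\/[0-9]+)?$/) {
                # IPv6 address or prefix: handled by ip6tables
                print "ip6tables -I INPUT 1 -s " addr " -j DROP"
            } else if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
                # Full IPv4 address or CIDR block; -I INPUT 1 puts it at the top
                print "iptables -I INPUT 1 -s " addr " -j DROP"
            } else {
                # Apache accepts partial addresses such as "10.1"; iptables does not.
                print "# skipped (not a full address or CIDR): " addr
            }
        }
    }'
}

# Stand-alone run over the constructed sample.
sample_htaccess | htaccess_to_iptables
```

Rules added this way live only in the running kernel, which matches the message's point that the change disappears at reboot.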
