My Gopher server crashed and burned today. When my monitor finally killed it, it took so long to shut down that the address was still in use when the replacement got started and so it didn’t get back up. What was this all about?

    alex@sibirocobombus:~$ bin/time-grouping-gopher < farm/gopher-server.log.1
             Hour  Connections  [%]  Selectors  [%]
    2018-04-10 06           60   1%         60   1%
    2018-04-10 07           84   2%         84   2%
    2018-04-10 08           77   2%         76   2%
    2018-04-10 09           55   1%         54   1%
    2018-04-10 10           40   1%         39   1%
    2018-04-10 11           39   1%         39   1%
    2018-04-10 12           81   2%         81   2%
    2018-04-10 13           62   1%         62   1%
    2018-04-10 14           36   1%         36   1%
    2018-04-10 15           40   1%         40   1%
    2018-04-10 16           72   1%         72   1%
    2018-04-10 17           45   1%         45   1%
    2018-04-10 18          151   3%        151   3%
    2018-04-10 19         4202  83%       4182  83%

OK, so somehow somebody felt it was OK to write a bot that made 4202 connections in 3600s. Please don’t be this person.
What do we know about this person?

    alex@sibirocobombus:~$ bin/ip-numbers-gopher < farm/gopher-server.log.1 | head -n 2
                IP  Connections  [%]
    79.165.173.172         4162  83%

What does WHOIS tell us?

    inetnum:  79.165.160.0 - 79.165.175.255
    netname:  Neo-CNT
    descr:    BRAS E-320-32 DHCP-pool
    descr:    Russian Central Telegraph, Moscow
    country:  RU

Thanks, person.
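
The per-hour and per-IP views above can be combined into one check that flags any client exceeding a connection budget within a clock hour. This is an added example, not the scripts used in this post: the log line format, the `max_per_hour` threshold and the sample addresses (documentation ranges) are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed log line format (the page does not show the real one):
#   "YYYY-MM-DD HH:MM:SS <client-ip> <selector>"
def parse(line):
    """Return (hour_bucket, ip), or None for a line that does not match."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts.strftime("%Y-%m-%d %H"), parts[2]

def heavy_clients(lines, max_per_hour=600):
    """Return {(hour, ip): count} for clients above max_per_hour in one clock hour."""
    counts = Counter(rec for rec in map(parse, lines) if rec)
    return {key: n for key, n in counts.items() if n > max_per_hour}

def share_by_ip(lines):
    """Return [(ip, count, percent)], busiest first, like the per-IP table."""
    counts = Counter(rec[1] for rec in map(parse, lines) if rec)
    total = sum(counts.values())
    return [(ip, n, round(100 * n / total)) for ip, n in counts.most_common()]

def sample_log():
    """Constructed sample: one bot every 3 s for an hour, two polite clients, one bad line."""
    start = datetime(2018, 4, 10, 19, 0, 0)
    lines = [f"{start + timedelta(seconds=3 * i):%Y-%m-%d %H:%M:%S} 198.51.100.7 /item{i}"
             for i in range(1200)]
    lines += [f"2018-04-10 18:{m:02d}:00 192.0.2.10 /phlog" for m in range(0, 50, 10)]
    lines += ["2018-04-10 19:30:00 203.0.113.5 /", "truncated line"]
    return lines

if __name__ == "__main__":
    log = sample_log()
    for (hour, ip), n in heavy_clients(log).items():
        print(f"{hour}h  {ip}  {n} connections")
    for ip, n, pct in share_by_ip(log):
        print(f"{ip:<15} {n:>5} {pct:>3}%")
```

Bucketing by clock hour matches the hourly table above; a burst that straddles two hours is split across both buckets, so a sliding window would catch it sooner.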
#Gopher #Russia
⁂
C-Keen says this same IP has had him implement the “tarpit”: gopher://vernunftzentrum.de:70/0/ckeen/phlog/2018-04-09-Dealing-with-rogue-crawlers.md
– Alex Schroeder 2018-04-11 23:26 UTC