2024-11-25 Emacs Wiki and it's still China

Remember how two months ago I started seeing sudden denial of service events on my tiny server. Load was creeping up to 20, 30, nearly 40. This server has two cores so the maximum should be 2. I started writing about it on 2024-09-18 Emacs Wiki and China. And I started blocking entire networks instead of just blocking individual IP numbers because I noticed that the global networks of hosting providers and the easy parallelization they offered meant that the same requests would come from many different IP numbers. By blocking the entire networks, I was blocking the IP number ranges of service providers that rented out their services to these maladapted programmers. If my goal is serving humans that browse the web, I don't feel bad about blocking network ranges that are used by machines.

2024-09-18 Emacs Wiki and China

Anyway, this little update is just to show that they're still at it. Over the weekend I noticed at one point how everything was slow. And it was getting slower. I managed to open a ssh connection to the server and noticed that load was up to 20 and climbing.

Load shoots up after a reboot

What had happened? I had rebooted the server on the evening of November 21st, late at night. Load started going up and on Sunday grew by another factor of two and everything was terrible. It's always on the weekend. Are they speculating on the admins being asleep at the wheel?

Uptime shows the reboots

So, on the day of my marriage anniversary, I have to fight the fucking bots from China, once again.

I suspect that my ban list had not been restored correctly after the reboot. So what I did was this:

1. run ban-cidr in order to ban anybody the firewall forgot

2. identify some more bad actors using network-lookup

3. ban them by grepping the network-lookup output and piping it into a shell

4. add them to the ban-cidr file

ban-cidr

network-lookup
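The reconciliation in step 1 and the per-network counting behind step 2, as an added Python example (not the author's ban-cidr or network-lookup scripts, whose contents this page does not show). The ban-list format, the log format, the threshold and all sample addresses are assumptions constructed for illustration, and a fixed list of ranges stands in for the WHOIS lookups.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation address ranges, not real traffic.
BAN_FILE = ["198.51.100.0/24", "203.0.113.0/24"]   # persistent list (assumed: one CIDR per entry)
ACTIVE = ["198.51.100.0/24"]                       # what the firewall still holds after the reboot
WHOIS_RANGES = ["192.0.2.0/25", "203.0.113.0/24"]  # stand-in for WHOIS lookups of client addresses
LOG = """\
203.0.113.7 - - [24/Nov/2024:03:10:01 +0100] "GET /wiki/Page1 HTTP/1.1" 200 512
203.0.113.99 - - [24/Nov/2024:03:10:01 +0100] "GET /wiki/Page2 HTTP/1.1" 200 512
203.0.113.150 - - [24/Nov/2024:03:10:02 +0100] "GET /wiki/Page3 HTTP/1.1" 200 512
192.0.2.1 - - [24/Nov/2024:03:10:02 +0100] "GET /wiki/Page4 HTTP/1.1" 200 512
192.0.2.17 - - [24/Nov/2024:03:10:03 +0100] "GET /wiki/Page5 HTTP/1.1" 200 512
192.0.2.60 - - [24/Nov/2024:03:10:03 +0100] "GET /wiki/Page6 HTTP/1.1" 200 512
192.0.2.101 - - [24/Nov/2024:03:10:04 +0100] "GET /wiki/Page7 HTTP/1.1" 200 512
192.0.2.200 - - [24/Nov/2024:03:10:04 +0100] "GET /wiki/Page8 HTTP/1.1" 200 512
"""

def covered(net, ranges):
    """True if net lies inside any of the given ranges (same IP version only)."""
    net = ipaddress.ip_network(net)
    return any(net.version == r.version and net.subnet_of(r)
               for r in map(ipaddress.ip_network, ranges))

def missing_bans(ban_file, active):
    """Entries of the persistent list that the running firewall no longer covers."""
    return [b for b in ban_file if not covered(b, active)]

def hits_per_network(log_text, ranges):
    """Count requests per known range; addresses outside every range count alone."""
    nets = sorted(map(ipaddress.ip_network, ranges), key=lambda n: -n.prefixlen)
    counts = Counter()
    for line in log_text.splitlines():
        try:
            ip = ipaddress.ip_address(line.split()[0])
        except (ValueError, IndexError):
            continue  # skip blank or malformed lines
        net = next((n for n in nets if ip in n), ipaddress.ip_network(str(ip)))
        counts[str(net)] += 1
    return counts

def candidates(log_text, ranges, ban_file, threshold):
    """Ranges at or above the threshold that the ban list does not cover yet."""
    return [(net, n) for net, n in hits_per_network(log_text, ranges).most_common()
            if n >= threshold and not covered(net, ban_file)]

if __name__ == "__main__":
    print("re-apply:", missing_bans(BAN_FILE, ACTIVE))
    print("new candidates:", candidates(LOG, WHOIS_RANGES, BAN_FILE, threshold=3))
```

In the sample log no single address sends more than one request, so a per-address threshold would flag nothing; only the per-range totals stand out.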

Yay me! 🥳

But I wonder. Why do the Chinese bots love Emacs Wiki so much? It's the Emacs Wiki resources that shoot up when load shoots up.

The load is due to Emacs Wiki

And check out the WHOIS data I've been adding to the ban-cidr file. These requests originate all over China, from many different networks. It almost seems like a coordinated, national strategy. Are they looking for something?

Is the counter-revolution using Emacs??

​#Emacs ​#Administration ​#Butlerian Jihad