Posted by: Johann
« on: November 13, 2019, 12:17:11 PM »

Mudita with Nyoms trust into metta.

May he enjoy the fruits of giving freedom of fear by a mind of goodwill toward all being, and outer actions based on this aspect of right view.
Posted by: Johann
« on: November 09, 2019, 07:03:36 AM »

So closing might have effects. Atma opens up another time to have a look on it.
Posted by: Moritz
« on: November 09, 2019, 04:09:49 AM »

No bots (of the kind which came in large amounts) so far today, I think. (No blocking measures taken yet.)

Posted by: Johann
« on: November 08, 2019, 09:48:02 AM »

Temporary banner which wouldn't deprive from existence or close up doors for birth might be possible with proper mind attitude. Mind: metta based on right view, Sila without any intention to take existence or harm and hurt.

Maybe not too long.

There is a mod by the young programmer of smf which makes such when a certain IP makes too many touches in a certain time. Similar could be maybe made but with a range and a remove of banner, say 1 or 2 days again.

Currently Asian developers might try to learn what is possible of what western made over longer time more carefully. As shown, the first try was from China using manpower, now from open kept Hong Kong. They now try and surely succeed in much shorter time, to build up an empire like God Google.

Anyway, one should be clear:

Namo tassa bhagavato arahato sammā-sambuddhassa

009.04. Bhikkhus, the highwaymen endowed with eight things does not do it long, ends up quickly. What eight?

Attacks those who should not be attacked, takes away without leaving anything, kills women, defiles maidens, plunders the gone forth, plunders the royal treasury, steals in the vicinity and does not have a saving. Bhikkhus, the highwaymen endowed with these eight things does not do it long, ends up quickly.

Bhikkhus, the highwaymen endowed with eight things does it long, does not end up quickly. What eight?

Does not attack those who should not be attacked, does not take away without leaving anything, does not kill women, does not defile maidens, does not plunder the gone forth, does not plunder the royal treasury, does not steal in the vicinity and has a saving. Bhikkhus, the highwaymen endowed with these eight things does it long, does not end up quickly.
Quote from: translation of AN 8.84 by Sister Uppalavanna

Foolish thieves, skilled thieves, unskilled, Robin Hoods, a mother fighting for the family surviving... they are all still thieves.

Nobody understands how important a Dhamma search engine, with given access to search, would be and prefer to use the means of thieves...

Banner, kill, depriving... for whom ever, is still akusala.

May Nyom act what is regarded as puñña kiriya vatthu and not a little outside even if feeling it might be righteous. So in that mood, mudita
Posted by: Moritz
« on: November 08, 2019, 07:10:49 AM »

Some common characteristics of apparent blind data-collecting robots:

IP address starting with 159.138
HTTP headers:
HTTP_ORIGIN:  (none)
HTTP_USER_AGENT: many different possibilities (probably all "faked"), but apparently always containing "AppleWebKit"

not using cookies

It seems to me that blocking by IP would be actually most reasonable. Maybe for some days or weeks at least, hoping that the robots would then not return for a while.
Searching around on the internet, others have reported the same problem since a few months about similar IP ranges.

It seems to me that requiring log-in for the whole forum does not have much lasting effect. They could probably not read and understand that login is required, and that every URL they try simply shows this same message and information.
As long as there is anything to see, and even small changes maybe (like content of the recent topics and shoutbox), it is probably "interesting" enough to try and collect data.

The bots are visiting many URLs which could not be accessed through any links for non-logged in people at the moment. So they rely on some memory of pages they visited before, or links they collected before.
There are thousands of possible URLs in the forum. So they could keep themselves busy with that for a very long time.

I think maybe only a "404 - not found" or "405 - gone" answer, if repeated long enough to them, could make them "forget" and let go of this site for maybe a longer while.
It looks like they are keeping a "slow" pace, in order to be not completely disruptive. Probably they would want to check every URL at least a few times over some longer period, until they would accept that it is useless to come back to.

So my approach would be now to just collect IP addresses (so far, all starting with 159.138) for a while and check if they all match the pattern of "probable bot". And then block all those IPs that seem to be confirmed as bots, for at least a week or two. Maybe better even a month.

Of course not totally sure how far exactly the IP range of bots goes. And such IP ranges could be re-assigned one day. But for now, it seems, they all come from some IP range currently (and probably for a longer time) belonging to "Huawei Cloud Services", i.e. some cluster of servers that anyone could rent, not belonging to any normal "consumer" internet connection of some smart phone, or laptop or desktop computer etc.
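
Added example, not part of the original post and not the forum's own code: one way to apply the "collect, confirm, then block" approach described above, flagging an IP only when every one of its logged requests shows all four listed traits. The record layout, function names and sample requests are constructed assumptions; only the 159.138 range and the header traits come from the post.

```python
import ipaddress
from collections import defaultdict

# Range from the post: "IP address starting with 159.138".
SUSPECT_NET = ipaddress.ip_network("159.138.0.0/16")

def looks_like_bot(req):
    """True when one request shows all four traits listed in the post."""
    h = {k.lower(): v for k, v in req["headers"].items()}
    return (ipaddress.ip_address(req["ip"]) in SUSPECT_NET
            and not h.get("origin")                       # no Origin header
            and "AppleWebKit" in h.get("user-agent", "")  # UA varies, token constant
            and not h.get("cookie"))                      # never sends cookies

def confirmed_bot_ips(requests, min_hits=3):
    """IPs seen at least min_hits times whose every request matched.

    A real browser also sends no cookie on its first request, so a single
    hit proves nothing; repeated cookieless requests are the signal.
    """
    per_ip = defaultdict(list)
    for req in requests:
        per_ip[req["ip"]].append(looks_like_bot(req))
    return sorted((ip for ip, hits in per_ip.items()
                   if len(hits) >= min_hits and all(hits)),
                  key=ipaddress.ip_address)

def _req(ip, ua, cookie=None):
    """Build one constructed log record (hypothetical record layout)."""
    headers = {"User-Agent": ua}
    if cookie:
        headers["Cookie"] = cookie
    return {"ip": ip, "headers": headers}

CHROME = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/78.0 Safari/537.36"
SAFARI = "Mozilla/5.0 (iPhone; CPU iPhone OS 12_0) AppleWebKit/605.1.15 Safari/604.1"

# Constructed sample data, not taken from the forum's real logs.
SAMPLE_LOG = (
    [_req("159.138.10.1", ua) for ua in (CHROME, SAFARI, CHROME)]   # all match
    + [_req("159.138.10.2", SAFARI)] * 2                            # too few hits
    + [_req("159.138.10.3", CHROME),                                # keeps a cookie
       _req("159.138.10.3", CHROME, "PHPSESSID=constructed"),
       _req("159.138.10.3", CHROME, "PHPSESSID=constructed")]
    + [_req("203.0.113.5", CHROME)] * 3                             # outside range
)

if __name__ == "__main__":
    print(confirmed_bot_ips(SAMPLE_LOG))  # ['159.138.10.1']
```

The "AppleWebKit" token alone also matches ordinary Chrome and Safari visitors, which is why the check requires the combination of traits over several requests before an address is put on a block list.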

Posted by: Johann
« on: November 06, 2019, 06:26:10 PM »

Sadhu (robots of official search engines are given access to login in an admin setting, just for info, but guessing that this kind doesn't fall into that category).
Posted by: Moritz
« on: November 06, 2019, 06:10:47 PM »

My person guesses that cloud-robots try to uphold a most actual mirror

Yes, that is also what I would guess.

Just archiving information. For whatever purpose.

There are of course the "benign" and generally accepted robots of web search engines like Google and Bing. But they would usually not come in such large numbers, eating so much traffic. People would complain and give such search engines a bad reputation.

There is also some kind of protocol which such "official" robots would follow, telling them where they are allowed to look and where not (robots.txt, currently nothing like that configured for, and something I had never really learnt about, so am reading about it now). Not sure if these kinds of robots here would do that. But probably useful to know about anyway.

For now, I have been logging requests for about 10 minutes, to see if I can find any patterns useful for guessing what might be a bot and who not.

May Nyom Moritz not fall into too much worry with it.
Not much worry here. But having a free day today, I have some time to investigate. It surely seems like a problem that one should know how to deal with on the long run.

_/\_ _/\_ _/\_
Posted by: Johann
« on: November 06, 2019, 05:47:28 PM »

My person guesses that cloud-robots try to uphold a most actual mirror in cases the original server isn't reachable, or simply to increase traffic...

May Nyom Moritz not fall into too much worry with it.
Posted by: Moritz
« on: November 06, 2019, 05:41:37 PM »

At the moment I am trying to understand the robots' behaviour, thinking about what can then be done about it.

Posted by: Moritz
« on: November 05, 2019, 10:47:55 PM »

Did Nyom Moritz conduct anything, that may have caused the wave to stop, beside of Atmas close up?

No Bhante, I did not. _/\_
Posted by: Johann
« on: November 05, 2019, 05:42:08 PM »

Oh back... 950. So better closing up again.  :)
Posted by: Johann
« on: November 05, 2019, 10:36:55 AM »

The "wave" looks like as having stopped and so my person opened up the forum for guests like before.

Did Nyom Moritz conduct anything, that may have caused the wave to stop, beside of Atmas close up?
Posted by: Moritz
« on: November 02, 2019, 10:09:11 PM »

Vandami Bhante _/\_

Where did Bhante look to see Huawei Cloud as origin of the many visitors? Is it through the Who is logged in page? At the moment, besides some guests, there is one "Google" listed. Is it the same place, where there would be "Huawei Cloud" in the list?

At this moment there are only 14 guests. So maybe it did help to restrict the forum access, but took some time.

Fifteen minutes later: Okay, now there are 160 guests.
Five more minutes later: now 210

Most from IP range 159.138.*, which seems to belong to Huawei Cloud, as confirmed here as well.

No idea what this "Huawei Cloud service" really all is. But as far as I know Huawei is a great producer of many "internet of things" devices ("intelligent" toasters or whatever kind of silly ideas; household items with a small computer built in, which have an internet connection that they need for some of their functions).
There are many cases where such devices are overtaken by hackers, which can sometimes amount to a huge "army" of toasters and coffee machines doing stuff on the internet, unknown to their owners.

No idea at the moment how to stop the flood without IP-blocking.

Posted by: Johann
« on: November 01, 2019, 04:17:29 PM »

The undertaking seems not to work, so far. The cloud robots reach a number up to 1000 at same time.

Just wondering if possible that the provider uses this cloud now for his hosts he takes care of. At least such would possibly have some pleasing side effects as well.


Nyom Moritz, Nyom Sophorn

No idea for now. Banner isn't a valid solution (having seen that there are also mods detecting such robots) and against precepts. Maybe it's possible to reach out to those in charge, either the cloud-company or the host provider who might make use of it.
The amount of visits will surely eat of the month available traffic if looking at the last (which was only attracted by the half time and half amount of visitors).

To prevent that Nyom, Nyom, might be charged with additional cost, is the reason for another "disturbing" on this matter.
Posted by: Cheav Villa
« on: November 01, 2019, 01:04:42 PM »

 :) _/\_ _/\_ _/\_