"Bad Bot" Reports

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Sekishi
    Dharma Transmitted Priest
    • Apr 2013
    • 5676

    "Bad Bot" Reports

    Hi all,

    Just a quick note to let folks know about an event with the Treeleaf server that started overnight. If you tried to access Treeleaf via a web browser or Tapatalk and received any sort of "timeout" errors, the issue should be fixed now.

    Over an 8 hour period we had an ill behaved bot accessing the forum archives from 1600+ IP addresses, making thousands of HTTP requests per hour. This activity caused the server to run low on memory and CPU resources from time to time. The IP addresses were all at two very large ISPs (e.g. household names for most of us) so I was hesitant to block them (in case any actual member traffic might be blocked).

    After spending time reviewing the logs I found no evidence of human / non-bot activity coming from the networks in question, so after discussion among the Treeleaf Engineers, we decided to just block the entire subnets that were hosting the bot.

    I'm posting here for four primary reasons:

    1. To let folks know if they had trouble accessing the forum or PMs today that there was a reason and it has been addressed as best we can at this time.

    2. The bot does not appear to be "malicious" (in the sense of trying to gain unauthorized access). But we've encountered this specific bot in the past and it always behaves really poorly (it sometimes goes beyond our "crawl-delay" limit by orders of magnitude, requests the same resource over and over again, etc.).

    3. To let everyone know that if you hear from members via external "channels" (Facebook, email, etc.) that they just cannot access the Treeleaf forum at all, there is a slim possibility (very unlikely IMHO but also not zero) that these recent IP bans are the reason. Kotei and I all have a full list of the subnets banned. So if someone has an issue we can check their IP against the new bans!

    4. To say "thank you" to Kotei for noting the start of this issue and helping throughout!

    Gassho,
    Sekishi

    #sat #lah #bots!
    Last edited by Sekishi; 01-13-2024, 12:00 AM. Reason: FOUR reasons, not three. XD
    Sekishi | 石志 | He/him | Better with a grain of salt, but best ignored entirely.
  • Bion
    Senior Priest-in-Training
    • Aug 2020
    • 4712

    #2
    Thank you to the League of Extraordinary Gentlemonks for keeping us online and safe [emoji3526]

    Gassho
    Sat and lah
    "Stepping back with open hands, is thoroughly comprehending life and death. Immediately you can sparkle and respond to the world." - Hongzhi

    Comment

    • Tairin
      Member
      • Feb 2016
      • 2837

      #3
      thank you to our Tech-Jedi


      Tairin
      Sat today and lah
      泰林 - Tai Rin - Peaceful Woods

      Comment

      • Seiko
        Novice Priest-in-Training
        • Jul 2020
        • 1059

        #4


        Gasshō
        Seiko
        Stlah
        Gandō Seiko
        頑道清光
        (Stubborn Way of Pure Light)

        My street name is 'Al'.

        Any words I write here are merely the thoughts of an apprentice priest, just my opinions, that's all.

        Comment

        • Jishin
          Member
          • Oct 2012
          • 4821

          #5

          I came up with a composite sketch of the culprit.

          Gassho, Jishin, ST, LAH

          Comment

          • Doshin
            Member
            • May 2015
            • 2641

            #6
            Thanks Jishin

            I was pondering just what a Bot was.

            Doshin
            Stlah

            Comment

            • Jundo
              Treeleaf Founder and Priest
              • Apr 2006
              • 40539

              #7
              Our Facebook page is getting hit by something ...

              ファンページ管理者の皆様。
              ⚠️ファンページへのアクセスは制限されています。これは、あなたが管理するページが Facebook のコミュニティ ポリシーとガイドラインに違反していることを意味します。
              {{https://support-media.pages.net.br/japan}} を入力して、自分がアカウントの所有者であることを確認します。
              Facebook のコミュニティ ガイドラインに従って、ファン ページとアカウントが永久に無効化されないようにするには、24 時間以内に次の手順を完了する必要があります。
              セキュリティ上の理由から、あなたの Facebook ページは公開されていないため、使用できません。
              Facebook の改善にご協力いただきありがとうございます。
              メタプロチームにご連絡いただきありがとうございます。
              違反コード: SIK8CGDYCDAC300
              Which translates to ...

              Dear Fan Page Administrator.
              Access to your ⚠️ fan page is restricted. This means that the page you administer is in violation of Facebook's Community Policies and Guidelines.
              Enter {{https://support-media.pages.net.br/japan}} to verify that you are the account owner.
              You have 24 hours to complete the following steps to ensure that your Fan Page and account are not permanently disabled according to Facebook's Community Guidelines.
              For security reasons, your Facebook Page is not public and cannot be used.
              Thank you for helping us improve Facebook.
              Thank you for contacting the Metapro team.
              Breach code: SIK8CGDYCDAC300
              Guest 3004
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today2:49 PM
              Messenger
              Guest 4358
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today2:24 PM
              Messenger
              Guest 1340
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today1:26 PM
              Messenger
              Guest 9772
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today11:40 AM
              Messenger
              Guest 5176
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today11:19 AM
              Messenger
              Guest 5294
              You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
              Today11:00 AM
              ALL OF LIFE IS OUR TEMPLE

              Comment

              • Bion
                Senior Priest-in-Training
                • Aug 2020
                • 4712

                #8
                Originally posted by Jundo
                Our Facebook page is getting hit by something ...



                Which translates to ...



                Guest 3004
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today2:49 PM
                Messenger
                Guest 4358
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today2:24 PM
                Messenger
                Guest 1340
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today1:26 PM
                Messenger
                Guest 9772
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today11:40 AM
                Messenger
                Guest 5176
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today11:19 AM
                Messenger
                Guest 5294
                You: Hi, thanks for contacting us. We've received your message and appreciate you reaching out.
                Today11:00 AM
                Yeah, those are so annoying. I just deleted 5 or 6 of those messages.

                Gassho
                "Stepping back with open hands, is thoroughly comprehending life and death. Immediately you can sparkle and respond to the world." - Hongzhi

                Comment

                • Sekishi
                  Dharma Transmitted Priest
                  • Apr 2013
                  • 5676

                  #9
                  Hi all,

                  Just checking in to report an outage tonight due to a bot trying to download the entirety of the public forum (resulting in 7000+ requests tonight).

                  I blocked the bot at our firewall and the forum is operating more normally again.

                  Gassho,
                  Sekishi
                  Sekishi | 石志 | He/him | Better with a grain of salt, but best ignored entirely.

                  Comment

                  • Sekishi
                    Dharma Transmitted Priest
                    • Apr 2013
                    • 5676

                    #10
                    Originally posted by Sekishi
                    Just checking in to report an outage tonight due to a bot trying to download the entirety of the public forum (resulting in 7000+ requests tonight).

                    I blocked the bot at our firewall and the forum is operating more normally again.
                    Minor update - found some other addresses this was operating from (thousands more requests). They too have been blocked.

                    Gassho,
                    Sekishi
                    Sekishi | 石志 | He/him | Better with a grain of salt, but best ignored entirely.

                    Comment

                    • Bion
                      Senior Priest-in-Training
                      • Aug 2020
                      • 4712

                      #11
                      Originally posted by Sekishi
                      Hi all,

                      Just checking in to report an outage tonight due to a bot trying to download the entirety of the public forum (resulting in 7000+ requests tonight).

                      I blocked the bot at our firewall and the forum is operating more normally again.

                      Gassho,
                      Sekishi


                      Gassho
                      "Stepping back with open hands, is thoroughly comprehending life and death. Immediately you can sparkle and respond to the world." - Hongzhi

                      Comment

                      Working...