Someone using Tencent servers have been attacking my websites

-

Someone using Tencent servers have been attacking my websites, mostly from China, Singapore, Vietnam, but also the US and Brazil.

I usually have around 1K people surfing my website at any given time. Occasionally my website https://www.gematrix.org is getting published in a blog about Gematria and numeric values and I get higher traffic organically. 

This attack was happening on multiple websites I own, not just this one, but the attack was made more brutally on Gematrix and at this website I investigated it.

Lately, my website started crushing down. Did not worked properly. Responses were very slow.  Looking a bit more deeply into it, I could see I have around 12K visitors at the same second in my website which caused the delay. Like thousands of thousands requests per seconds.

I did two things:

1. One of them is what I call "scale better": I have improved the way I handle requests, improved the caching and improved the database querying, schema and access.  Thanks god I am using Go language which is very fast as term of execution, running time and compilation. With in less than a day I had a version of the website that can handle all of this traffic without shutting down, it even reached much higher traffic and the CPU load of the server also dropped significantly.

I don't use any external services like Cloudflare or others. I do everything myself.

2. Second, I started investigating what is actually happening and why. Where are those attacks coming from? What are they doing? Do they try DDOS to block my websites or "just" crawling unconditionally.

Here is how I stopped them:

I don't care if it is a DDOS attack or an aggressive crawling method - it should not be done!

I tried updating the robots.txt file, but it did not helped. Chinese bots are disregarding it, which is a shame, I really prefer the web in a more innocent way that you respect the site requests for delay. Setting the robots.txt crawl-delay to one every 5 seconds did not helped. 

User-agent: *
Crawl-delay: 5
Allow: /

I was still getting more than 10K requests per second.

Investigating more deeply into it I noticed 70% of the traffic coming from China. Checking the IPs range I was able to locate around 100 IPs that the attack was coming from. I blocked them and the attack stopped - for a few hours.

After a few hours the attack continued, now most of the traffic came from Singapore, Vietnam - So I found the range of the attacking IPs and blocked them too. It helped for a few hours.

It then started again, from the US, Germany, Brazil and more.

Number of calls per time to my website 

At this point, looking at the IPs and running reverse lookup on the new range of IPs and also the older one - I discovered that they are all coming from a specific company called Tencent cloud computing - A huge conglomerate from China.

 

Thankfully Tencent provide the ranges of IPs they hold. All I had to do is to take all those ranges (Around 5,720,000 different IPs) and block them. And so I did.

I just blocked ALL the traffic from Tencen IP ranges.

For now it seems that the attack have stopped.

Here is the code to load and blocks all Tencent IP ranges. I am sure I might have blocked a few innocent people, but I think Tencent should check better what people are doing with their servers.

Links:

1. Tencent Cloud Computing

2. Tencent IP ranges (on their website)

3. Code for blocking Tencent traffic on github

 

 

package abuseip

import "net"

var ipRanges []*net.IPNet = []*net.IPNet{}

func IsTencentCloudComputingIP(ip net.IP) bool {
for _, ipRange := range ipRanges {
if ipRange.Contains(ip) {
return true
}
}
return false
}

func LoadTencentCloudComputingIPRanges() {
// Parse the CIDR range once
_, blockRange, _ := net.ParseCIDR("43.128.0.0/13")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("1.12.0.0/14")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("124.220.0.0/14")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("49.232.0.0/14")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("81.68.0.0/14")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("1.116.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("106.52.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("111.230.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("118.24.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("119.28.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("121.4.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("123.206.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("42.192.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("82.156.0.0/15")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("101.244.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("101.32.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("106.54.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("106.55.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("109.244.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("111.229.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("114.132.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("115.159.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("118.89.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("119.45.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("124.156.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("128.108.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("129.204.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("129.211.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("129.226.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("129.28.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("132.232.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("134.175.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("139.155.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("139.186.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("139.199.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("140.143.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("148.70.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("150.109.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("150.158.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("152.136.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("159.75.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("162.14.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("162.62.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("170.106.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("175.178.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("175.24.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("175.27.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("193.112.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("43.160.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("49.51.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("62.234.0.0/16")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("101.33.0.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("118.195.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("154.8.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("182.254.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("188.131.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("192.144.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("203.195.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("211.159.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("212.129.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("212.64.0.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("42.187.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("42.194.128.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("94.191.0.0/17")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("118.126.64.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("122.152.192.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("146.56.192.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("172.81.192.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("45.40.192.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("58.87.64.0/18")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("119.27.160.0/19")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("210.73.160.0/19")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("103.234.0.0/22")
ipRanges = append(ipRanges, blockRange)

_, blockRange, _ = net.ParseCIDR("103.95.224.0/22")
ipRanges = append(ipRanges, blockRange)
}


 

 

 

 

 

Comments

Post a Comment

Popular posts from this blog

Accessing Windows Share (Samba) From Linux (XFCE) using Thunar

-
In order to access samba (windows share) from Linux XFCE using Thunar file browser you need to: 1. Install samba client sudo apt install smbclient 2. Run: sudo modprobe cifs 3. Open thunar and access the share: smb://IPADDRESS/sharename e.g.: smb://192.168.1.1/photos 4. Type in the username / password in the prompt window Some helpful information: https://forum.manjaro.org/t/thunar-how-do-i-access-folders-shared-on-windows-computers/116649/9
Read more

Bypassing the error by "go get" "tls: failed to verify certificate: x509: certificate signed by unknown authority"

-
When I was trying to download dependencies for my go project in an old Ubuntu machine I was getting this error all the time: "go: gopkg.in/alexcesaro/quotedprintable.v3@v3.0.0-20150716171945-2caba252f4dc: Get "https://proxy.golang.org/gopkg.in/alexcesaro/quotedprintable.v3/@v/v3.0.0-20150716171945-2caba252f4dc.mod": tls: failed to verify certificate: x509: certificate signed by unknown authority" Which the main part of it was go get failing to authenticate: " tls: failed to verify certificate: x509: certificate signed by unknown authority " I tried many things but couldn't make it work until I found the way: export GOINSECURE="proxy.golang.go" This will tell go get to ignore certification validity. Then export GOPROXY=direct This will tell go get to by pass proxy Then git config --global http.sslverify false And only after those I could run again: go get And it worked
Read more

Using phpword to merge two Mircrosoft Office Word .docx documents

-
How to combine or embed and insert another .docx file (Microsoft office docx word document) into another one using PHPWord Joining two .docx document using php ( phpword library ) $mainTemplateProcessor = new \PhpOffice\PhpWord\TemplateProcessor("file1"); //$mainTemplateProcessor ->setValue('var_name', $value); $innerTemplateProcessor = new \PhpOffice\PhpWord\TemplateProcessor("file2"); //$innerTemplateProcessor->setValue('var2_name', $value2); // extract internal xml from template that will be merged inside main template $innerXml = $innerTemplateProcessor->gettempDocumentMainPart(); $innerXml = preg_replace('/^[\s\S]*<w:body>(.*)<\/w:body>.*/', '$1', $innerXml); // remove tag containing header, footer, images $innerXml = preg_replace('/<w:sectPr>.*<\/w:sectPr>/', '', $innerXml); // inject internal xml inside main template $mainXml = $mainTemplateProcessor->gettempDocumentMainPart(...
Read more