Same case here.
Impact is low here (via one ip only), because a file which don't exist (old iso) : arch//iso/2020.03.01/archlinux-2020.03.01-x86_64.iso" failed (2: No such file or directory)
Can you share ip on the list for compare and block all ip before ddos ?
On 7/2/2020 5:02 AM, mirror-admin wrote:
Yes, we notice same download pattern from china IP. Not only for Archlinux, but for other archive as well.
What we do is try to be nice, we throttling down our upload speed to their IP.
On 7/2/2020 09:49, Johannes Findeisen wrote:
I am driving the mirror arch.unixpeople.org. Since some months I encounter a lot of traffic from China which seems to be like a DDoS. I fixed this some month ago by blocking all IP address ranges from China. This stopped the traffic. Yesterday I tried to remove all my firewall rules and to see what happens... Just some hours ago the DDoS startet again so I really had to block China from my mirror again because it would become a fulltime job to monitor my host.
While all this happened I tried to figure out what's going on and saw endless downloads of the arch .iso file from many many IP addresses in China. When the download from one IP had finished the download directly started again from exactly the same IP in an endless loop.
Does anyone other here encounter such things?