
discuss - [opennic-discuss] Excessive calls to the geoip API page

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: OpenNIC discussion <discuss AT lists.opennicproject.org>
  • Subject: [opennic-discuss] Excessive calls to the geoip API page
  • Date: Wed, 04 Oct 2017 12:12:56 -0600
  • Authentication-results: mx1.computerrehab.us; dmarc=none header.from=sourpuss.net
  • Dmarc-filter: OpenDMARC Filter v1.3.0 mx1.computerrehab.us 113E92D522

You may have noticed some issues reaching either the API or servers page recently. I've tracked down the problem to some extremely excessive calls to the geoip page (https://api.opennicproject.org/geoip/).

If you are the owner of 208.82.39.26... your script is doing lookups four times per second. Just how often do you think the list of servers changes? I blocked this IP completely for now, please fix your script and let me know if you want access again.

Of course this one user wasn't enough to bring the server to its knees; this problem was because of yet another script that seems to be getting shared around the globe. There are two aspects of the query that lead me to believe there is a common script running here:
"GET /geoip/?bare&pct=95 HTTP/1.1"
"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"

I'm seeing well over 2000 unique IP addresses making the same query up to once every five seconds. That translated to about 200 queries per second. Now the geoip page is rather expensive in terms of resources, because it has to look up the user's IP and try to match it geographically to the list of Tier-2 servers. I wrote up some code this morning to cache the queries by IP address for 5 minutes before re-checking. Now this made a huge difference but still wasn't enough. I may have another bottleneck in my network that was causing problems even with the cached content, so I'll be looking into that.

In the meantime I've added a level of blocking for any server making queries faster than every 15 seconds. This will return a message warning the requester that server information doesn't change that fast, and doesn't give the expected reply. I'm hoping whoever set up this script will see broken results and get it fixed. At the moment this 15-second warning message is accounting for about 25% of all the queries. I'll keep working on it, but just wanted to let folks know WHY in case anyone happens to see the warning message.
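
The two mitigations described in the message above (a 5-minute per-IP cache in front of the expensive lookup, and a warning for clients querying faster than every 15 seconds), sketched as an added example that is not part of the original post and is not the OpenNIC API's code. The class and function names, the warning wording, the lookup result, the sample addresses, and the choice to restart the 15-second timer on every request are all assumptions.

```python
import time

CACHE_TTL = 300      # seconds a per-IP result is reused (5 minutes, from the post)
MIN_INTERVAL = 15    # seconds; faster repeat queries get a warning, not data
WARNING = "Server information does not change this fast."  # constructed wording

class GeoipGate:
    def __init__(self, lookup, clock=time.monotonic):
        self.lookup = lookup      # expensive function: ip -> server list
        self.clock = clock        # injectable so the logic can be replayed offline
        self.last_seen = {}       # ip -> time of that client's previous request
        self.cache = {}           # ip -> (time computed, result)

    def handle(self, ip):
        now = self.clock()
        prev = self.last_seen.get(ip)
        self.last_seen[ip] = now  # assumption: throttled requests also restart the timer
        if prev is not None and now - prev < MIN_INTERVAL:
            return ("throttled", WARNING)      # cheap path: no lookup, no cache read
        cached = self.cache.get(ip)
        if cached and now - cached[0] < CACHE_TTL:
            return ("cached", cached[1])
        result = self.lookup(ip)
        self.cache[ip] = (now, result)
        return ("fresh", result)

    def prune(self):
        # Drop state for idle clients so thousands of source IPs cannot grow memory forever.
        cutoff = self.clock() - CACHE_TTL
        for ip in [ip for ip, t in self.last_seen.items() if t < cutoff]:
            self.last_seen.pop(ip, None)
            self.cache.pop(ip, None)

def replay(requests):
    """Replay constructed (time, ip) pairs; return outcomes and the count of real lookups."""
    now, calls = [0.0], []
    def lookup(ip):
        calls.append(ip)
        return ["ns-a.example", "ns-b.example"]   # placeholder result
    gate = GeoipGate(lookup, clock=lambda: now[0])
    outcomes = []
    for t, ip in requests:
        now[0] = t
        outcomes.append(gate.handle(ip)[0])
    return outcomes, len(calls)

# Constructed sample: one client polling every 5 s, one polling at a sane rate.
SAMPLE = [(0, "192.0.2.10"), (0, "198.51.100.7"), (5, "192.0.2.10"),
          (10, "192.0.2.10"), (60, "198.51.100.7"), (400, "198.51.100.7")]
```

Replaying SAMPLE shows the 5-second poller receiving only warnings after its first answer, while the slower client is served from cache until the 5-minute entry expires.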


