Revisions and Commits
| rWCIN wikimedia-ch-wmch-infrastructure | |||
| rWCIN80855af376d2 Wikimini: implement a bit of cache-control | |||
| rWCIN660dea852409 Wikimini: also put .cur icons under cache-control | |||
Related Objects
- Mentioned In
- E1707: WMCH Tech Boost
Event Timeline
Before 2024-01-07, our Switzerland service provider reported a spike in the traffic on the server wmch-mores-demo-01 hosting Wikimini.org and another minor MediaWiki demo, specifically on ports 80 and 443. The unwanted traffic spike is coming mainly from Amazon AWS. Unclear if this is a denial of service or another thing. I can start looking at this in some minutes.
I've found suspicious requests to these binary file:
/var/www/wikimini.org/www/w/skins/Wikimini/resources/images/cursor-edit.cur /var/www/wikimini.org/www/w/skins/Wikimini_20170128/resources/images/cursor-edit.cur
Put in quarantine under the same directory of T330978
Edited: examined and not malware, restored. Still inspecting.
Some potential root problems:
- we had no Cache-control mechanisms so, some East crawlers were very aggressive in downloading a lot of stuff
- → implemented at least 7 days of caching for images/etc.
- we had no robots.txt and some crawlers loops super-dynamic pages
- → created skipping at least APIs https://fr.wikimini.org/robots.txt
Anyway, we also banned the specific entry point from Singapore. Probably under control now.
For your info the requests coming from the range of IP connected with the AWS server have been blocked in entrance on the firewall.