Jerry, (edited)
@Jerry@hear-me.social

UPDATE on 216.106.86.232 :

Every few seconds, it's doing the following GETS. I'm getting about 2,000 calls per hour from this IP.

https://hear-me.social/packs/media/images/friends-cropped-40409bf96999902fa49757ebce824ce6.png

https://hear-me.social/api/v1/streaming?stream=public:local&access_token=O6luKbPRJV0FlTvhCSqn6z4wNwkUJMxUPgD7xMn4fsc

https://hear-me.social/api/v1/announcements

https://hear-me.social/api/v1/notifications?exclude_types[]=follow_request&since_id=79462

Is anyone else getting traffic from 216.106.86.232 ?

I will open a report with the ISP

=======================

I'm putting this under because I've noticed that since 12 PM EDT yesterday (30-Apr-2024), API requests coming in from 216.106.86.232 have been returning 500 errors constantly from my server. No other 500 errors were being returned.

I blocked the IP at the Cloudflare firewall and now the 500 errors have stopped. There were more than 93K 500 return codes in total until now!

I have no idea what the requests are, and it's too late at night to do more research, but I'm passing this along to other Admins as a warning and to see if anyone else is seeing similar behavior.

@Gargron

Here's what I see in Cloudflare for the last one hour before blocking the IP address. Notice all the requests returning 500 are from this single IP. There are no page views. It's all API requests. And 500 errors stopped after I blocked it.

Any insights would be appreciated.
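Added example (not from the thread and not Mastodon or Cloudflare code): one way to confirm from an access log that a single client accounts for nearly all 5xx responses, as described in the post above. It assumes an nginx combined-format log that records client addresses; the sample lines, addresses and thresholds are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in nginx "combined" format; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/May/2024:00:00:01 +0000] "GET /api/v1/announcements HTTP/1.1" 500 0 "-" "-"
198.51.100.7 - - [01/May/2024:00:00:03 +0000] "GET /api/v1/notifications?since_id=1 HTTP/1.1" 500 0 "-" "-"
198.51.100.7 - - [01/May/2024:00:00:05 +0000] "GET /api/v1/streaming?stream=public:local&access_token=REDACTED HTTP/1.1" 500 0 "-" "-"
198.51.100.7 - - [01/May/2024:00:00:07 +0000] "GET /packs/media/images/example.png HTTP/1.1" 200 512 "-" "-"
203.0.113.20 - - [01/May/2024:00:00:08 +0000] "GET /api/v1/timelines/public HTTP/1.1" 200 2048 "-" "-"
203.0.113.21 - - [01/May/2024:00:00:09 +0000] "GET /about HTTP/1.1" 200 1024 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_5xx(lines):
    """Count requests and 5xx responses per client IP, with the paths that failed."""
    total, errors, paths = Counter(), Counter(), defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip = m["ip"]
        total[ip] += 1
        if m["status"].startswith("5"):
            errors[ip] += 1
            # Drop the query string so access tokens never end up in a report.
            paths[ip][m["path"].split("?", 1)[0]] += 1
    return total, errors, paths

def dominant_error_sources(lines, min_errors=3, min_share=0.9):
    """Return clients responsible for at least min_share of all 5xx responses."""
    total, errors, paths = summarize_5xx(lines)
    all_errors = sum(errors.values())
    findings = []
    for ip, count in errors.most_common():
        if count >= min_errors and count / all_errors >= min_share:
            findings.append({"ip": ip, "errors": count, "requests": total[ip],
                             "share": count / all_errors, "paths": sorted(paths[ip])})
    return findings

if __name__ == "__main__":
    for finding in dominant_error_sources(SAMPLE_LOG.splitlines()):
        print(finding)
```
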

waffles,
@waffles@masto.yttrx.com

@Jerry Did you check your admin panel to see if this is a user of yours?

https://hear-me.social/admin/accounts?ip=216.106.86.232

Jerry,
@Jerry@hear-me.social

@waffles
Being behind Cloudflare, it's not that easy. I only see which reverse proxy people come in from. I don't have their originating IP address.

And if they are doing something like this, they probably used a VPN to log in and set up an account to hide their IP.

There's an ID though in one of the API calls, and I'm wondering if it is actually an ID that could be used to identify the account in the database they are trying to reference, which might be their own? I was thinking of investigating this on the weekend.

waffles,
@waffles@masto.yttrx.com

@Jerry my server is also behind cloudflare and I'm able to get the source IP addresses with the following nginx configuration:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yttrx.com;

    include /etc/nginx/cloudflare;

followed by

Jerry,
@Jerry@hear-me.social

@waffles
Hmm. I am going to save this! Thanks.

But, I put in my server information that I don't track IP addresses, and so I can't use it on this server.

waffles,
@waffles@masto.yttrx.com

@Jerry oh gotcha! I didn't realize that you don't track IP addresses; my assistance isn't very helpful in this case lol

Jerry,
@Jerry@hear-me.social

@waffles It is for other servers I run!

freiheit,
@freiheit@digitalcourage.social

@Jerry Have you tried sending an e-mail to their abuse address? According to WHOIS, it's dns@socket.net.

Jerry,
@Jerry@hear-me.social

@freiheit
Thanks for doing this.

I'm going to try to see, this weekend, what they have in the payload. It might be an innocent mistake. Or, it may be malicious, and then I too will file a complaint.

I may also open a problem with Mastodon. Mastodon should not return a 500 error unless there really is a problem with the server. It probably should be returning some type of 400 error instead. It's possible I didn't configure something correctly, although I think it's likely a Mastodon issue they didn't account for.

On the weekend to-do list.

paul,
@paul@oldfriends.live

@Jerry @freiheit

FYI, those URLs, except the first one with the image, are erroring out. Invalid tokens, requires authorization, etc.
