Since this morning I have noticed that the server load is higher than before (the htop command shows a high spike in CPU usage).
I logged in to CloudFlare, and it confirms that there are lots of uncached requests, which is abnormal.
Although the website still loads pretty fast, it really concerns me if the CPU usage stays high. Plus, I get warning emails from time to time (in the script, I set the warning level to load average = 3).
I logged in via SSH and found that the log file /var/log/apache2/access.log contains lots of requests to the API:
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 545 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 6867 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 542 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 663 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 580 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:27 +0000] "GET /api/fortune/ HTTP/1.1 " 200 527 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:28 +0000] "GET /api/fortune/ HTTP/1.1 " 200 6764 "-" "Totems.us fortune teller player interact"
100.1.241.126 - - [12/Aug/2015:12:55:28 +0000] "GET /api/fortune/ HTTP/1.1 " 200 556 "-" "Totems.us fortune teller player interact"
Apparently, this must have been a robot/program that keeps connecting to the fortune API.
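The manual log inspection above can be automated. The following is an added example, not code from the original post: it parses Apache combined-format lines and reports each client (IP, path, user agent) whose peak request rate in any one second exceeds a limit. The function names and the limit of 5 requests per second are assumptions, and the sample lines are constructed from the excerpt.

```python
import re
from collections import Counter
from datetime import datetime

# Apache combined log format. [^"]* in the request field also absorbs the
# stray space before the closing quote seen in the excerpt ("HTTP/1.1 ").
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"'
)

def parse(lines):
    """Yield (ip, path, user_agent, timestamp) for each parseable line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], m["path"], m["ua"], ts

def noisy_clients(lines, max_per_second=5):
    """Map (ip, path, ua) to its peak requests in one second, if above the limit.

    max_per_second=5 is an assumed threshold, not a value from the post.
    """
    per_second = Counter(parse(lines))
    peaks = {}
    for (ip, path, ua, _ts), n in per_second.items():
        key = (ip, path, ua)
        peaks[key] = max(peaks.get(key, 0), n)
    return {k: n for k, n in peaks.items() if n > max_per_second}

# Constructed sample: the request pattern from the excerpt (6 hits in one
# second, 2 in the next), one ordinary visitor, and one unparseable line.
BOT = ('100.1.241.126 - - [12/Aug/2015:12:55:{s} +0000] "GET /api/fortune/ '
       'HTTP/1.1 " 200 545 "-" "Totems.us fortune teller player interact"')
SAMPLE = [BOT.format(s="27")] * 6 + [BOT.format(s="28")] * 2 + [
    '203.0.113.5 - - [12/Aug/2015:12:55:27 +0000] "GET / HTTP/1.1" 200 1024 '
    '"-" "Mozilla/5.0"',
    "not a log line",
]

if __name__ == "__main__":
    for (ip, path, ua), peak in noisy_clients(SAMPLE).items():
        print(f"{ip} {path} peak={peak}/s ua={ua!r}")
```

To run it against the real log, pass an open file handle for /var/log/apache2/access.log to `noisy_clients` in place of `SAMPLE`.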
I also found two other IP addresses that tried to log in to the server as root, which is banned by the security settings.
I then added these 3 IP addresses to the block list in the CloudFlare control panel.
Immediately, the usage came back to normal, and CloudFlare confirms this.
I should probably add a ‘Fair Use’ policy to the terms and conditions of my APIs.
–EOF (The Ultimate Computing & Technology Blog) —
