Train GraphicClick on the map to explore geographics
 
I need help
FAQ
Emergency
About .
Travel & transport from BBC stories as at 04:35 07 Feb 2023
- Trial of scrapping train return tickets extended
Read about the forum [here].
Register [here] - it's free.
What do I gain from registering? [here]
 01/03/23 - WWRUG AGM
30/03/23 - Railfuture Annual, Leeds
31/05/23 - WWRUG meeting
08/07/23 - WWRUG Weymouth trip

On this day
7th Feb (1909)
Timber Ferrybridge replace by steel bridge (link)

Train RunningDelayed
23:32 London Paddington to Bristol Temple Meads
PollsThere are no open or recent polls
Abbreviation pageAcronymns and abbreviations
Stn ComparatorStation Comparator
Rail newsNews Now - live rail news feed
Site Style 1 2 3 4
Next departures • Bristol Temple MeadsBath SpaChippenhamSwindonDidcot ParkwayReadingLondon PaddingtonMelksham
Exeter St DavidsTauntonWestburyTrowbridgeBristol ParkwayCardiff CentralOxfordCheltenham SpaBirmingham New Street
February 07, 2023, 04:40:25 am *
Welcome, Guest. Please login or register.

Login with username, password and session length
Forgotten your username or password? - get a reminder
Most recently liked subjects
[91] Shawford station building reopens after 40 years
[76] Return rail tickets to be scrapped
[75] OTD -5th February (1971) - Taunton to Minehead foundation meet...
[53] May 2023 timetable
[46] Aberthaw Power Station and Decarbonisation
[38] Lorry driver crisis made worse by Covid - Shapps
 
News: the Great Western Coffee Shop ... keeping you up to date with travel around the South West
 
   Home   Help Search Calendar Login Register  
Pages: [1]
  Print  
Author Topic: Changes to our handling of rogue requests  (Read 908 times)
grahame
Administrator
Hero Member
*****
Posts: 37862



View Profile WWW Email
« on: December 01, 2020, 10:29:34 am »

I have updated our server and there's now a new (and far cheaper) error page send out to visitors from blacklisted remote address ranges. A cheap error page rather than returning a real response saves our admin team from having trawl through thousands of sign up requests, saves our server resources for use on handling real requests, and saves us from most attempts to inject code or content into our systems.

The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak.  And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out.  If you get a page like this - zero 'blame' on you.  It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times.

Quote
Description

You have asked for /error/errorpage.php
You have asked of (our server) vcrp.uk [88.202.183.177] on port 80
You have asked from (client) 77.101.27.190
You have asked using the GET method and HTTP/1.1 protocol
Your browser is Mozilla/5.0 (Macintosh; Intel Mac OS (Ordnance Survey) X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
You were referred here from http://vcrp.uk/
You received response code 200 ( OK ) at 10:15 on 1 Dec 20

If you think you should have received a real page - please contact me - graham/at/wellho/dot/net
Please copy and paste the description (above) in your email so I can resolve any problem.
Thank You.

We are always tuning things but we do need to keep some sort of traffic filter in place - both for the sake of our server, and our admin sanity too.

Here's an example of a "Denial of Service" attack last night (IP addresses obfurscated)


And here you can see how much we slashed the system load when we changed to the cheap blacklist (thicker black line is today ... other colours are previous days)
Logged

Coffee Shop Admin, Acting Chair of Melksham Rail User Group, Option 24/7 Melksham Rep
grahame
Administrator
Hero Member
*****
Posts: 37862



View Profile WWW Email
« Reply #1 on: June 16, 2022, 06:28:16 am »

The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak.  And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out.  If you get a page like this - zero 'blame' on you.  It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times.

A couple of reports over recent days - so I have cleared most of the older records from the blacklist and have a "watching brief".  Hopefully the issues will be back to "very occasional" and the extra work on the admins to clear rogue sign-up requests will not be too great.  I do have a backup of the old blacklist in case it needs re-instating.
Logged

Coffee Shop Admin, Acting Chair of Melksham Rail User Group, Option 24/7 Melksham Rep
Do you have something you would like to add to this thread, or would you like to raise a new question at the Coffee Shop? Please [register] (it is free) if you have not done so before, or login (at the top of this page) if you already have an account - we would love to read what you have to say!

You can find out more about how this forum works [here] - that will link you to a copy of the forum agreement that you can read before you join, and tell you very much more about how we operate. We are an independent forum, provided and run by customers of Great Western Railway, for customers of Great Western Railway and we welcome railway professionals as members too, in either a personal or official capacity. Views expressed in posts are not necessarily the views of the operators of the forum.

As well as posting messages onto existing threads, and starting new subjects, members can communicate with each other through personal messages if they wish. And once members have made a certain number of posts, they will automatically be admitted to the "frequent posters club", where subjects not-for-public-domain are discussed; anything from the occasional rant to meetups we may be having ...

 
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Valid XHTML 1.0! Valid CSS!
This forum is provided by customers of Great Western Railway (formerly First Great Western), and the views expressed are those of the individual posters concerned. Visit www.gwr.com for the official Great Western Railway website. Please contact the administrators of this site if you feel that the content provided by one of our posters contravenes our posting rules (email link to report). Forum hosted by Well House Consultants

Jump to top of pageJump to Forum Home Page