Train GraphicClick on the map to explore geographics
 
I need help
FAQ
Emergency
About .
Travel & transport from BBC stories as at 13:35 28 Mar 2024
* Man held over stabbing in front of train passengers
- How do I renew my UK passport and what is the 10-year rule?
- Easter travel warning as millions set to hit roads
Read about the forum [here].
Register [here] - it's free.
What do I gain from registering? [here]
 02/06/24 - Summer Timetable starts
17/08/24 - Bus to Imber
27/09/25 - 200 years of passenger trains

On this day
28th Mar (1988)
Woman found murdered on Orpington to London train (*)

Train RunningCancelled
11:23 Weston-Super-Mare to London Paddington
11:50 Cardiff Central to London Paddington
12:15 London Paddington to Cardiff Central
12:30 London Paddington to Weston-Super-Mare
13:00 Bristol Temple Meads to London Paddington
13:15 Swindon to Westbury
13:26 Weston-Super-Mare to London Paddington
13:30 London Paddington to Bristol Temple Meads
14:19 Westbury to Swindon
15:14 Swindon to Westbury
Short Run
08:03 London Paddington to Penzance
10:55 Paignton to London Paddington
11:23 Portsmouth Harbour to Cardiff Central
11:29 Weymouth to Gloucester
11:48 London Paddington to Carmarthen
12:03 London Paddington to Penzance
12:12 Salisbury to Bristol Temple Meads
12:42 Bristol Temple Meads to Salisbury
12:46 Avonmouth to Weston-Super-Mare
13:03 London Paddington to Plymouth
13:07 Salisbury to Bristol Temple Meads
13:10 Gloucester to Weymouth
13:26 Okehampton to Exeter Central
14:05 Salisbury to Bristol Temple Meads
16:19 Carmarthen to London Paddington
Delayed
10:04 London Paddington to Penzance
10:23 Portsmouth Harbour to Cardiff Central
11:30 Cardiff Central to Portsmouth Harbour
12:30 Cardiff Central to Portsmouth Harbour
14:30 Cardiff Central to Portsmouth Harbour
PollsOpen and recent polls
Closed 2024-03-25 Easter Escape - to where?
Abbreviation pageAcronymns and abbreviations
Stn ComparatorStation Comparator
Rail newsNews Now - live rail news feed
Site Style 1 2 3 4
Next departures • Bristol Temple MeadsBath SpaChippenhamSwindonDidcot ParkwayReadingLondon PaddingtonMelksham
Exeter St DavidsTauntonWestburyTrowbridgeBristol ParkwayCardiff CentralOxfordCheltenham SpaBirmingham New Street
March 28, 2024, 13:42:43 *
Welcome, Guest. Please login or register.

Login with username, password and session length
Forgotten your username or password? - get a reminder
Most recently liked subjects
[142] West Wiltshire Bus Changes April 2024
[80] would you like your own LIVE train station departure board?
[56] Return of the BRUTE?
[46] If not HS2 to Manchester, how will traffic be carried?
[43] Infrastructure problems in Thames Valley causing disruption el...
[34] Reversing Beeching - bring heritage and freight lines into the...
 
News: A forum for passengers ... with input from rail professionals welcomed too
 
   Home   Help Search Calendar Login Register  
Pages: [1]
  Print  
Author Topic: Changes to our handling of rogue requests  (Read 1484 times)
grahame
Administrator
Hero Member
*****
Posts: 40690



View Profile WWW Email
« on: December 01, 2020, 10:29:34 »

I have updated our server and there's now a new (and far cheaper) error page send out to visitors from blacklisted remote address ranges. A cheap error page rather than returning a real response saves our admin team from having trawl through thousands of sign up requests, saves our server resources for use on handling real requests, and saves us from most attempts to inject code or content into our systems.

The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak.  And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out.  If you get a page like this - zero 'blame' on you.  It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times.

Quote
Description

You have asked for /error/errorpage.php
You have asked of (our server) vcrp.uk [88.202.183.177] on port 80
You have asked from (client) 77.101.27.190
You have asked using the GET method and HTTP/1.1 protocol
Your browser is Mozilla/5.0 (Macintosh; Intel Mac OS (Ordnance Survey) X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
You were referred here from http://vcrp.uk/
You received response code 200 ( OK ) at 10:15 on 1 Dec 20

If you think you should have received a real page - please contact me - graham/at/wellho/dot/net
Please copy and paste the description (above) in your email so I can resolve any problem.
Thank You.

We are always tuning things but we do need to keep some sort of traffic filter in place - both for the sake of our server, and our admin sanity too.

Here's an example of a "Denial of Service" attack last night (IP addresses obfurscated)


And here you can see how much we slashed the system load when we changed to the cheap blacklist (thicker black line is today ... other colours are previous days)
Logged

Coffee Shop Admin, Acting Chair of Melksham Rail User Group, Option 24/7 Melksham Rep
grahame
Administrator
Hero Member
*****
Posts: 40690



View Profile WWW Email
« Reply #1 on: June 16, 2022, 06:28:16 »

The volume of traffic from rogue addresses can be huge - 60,000 requests from a single location yesterday, with them arriving at a rate of over ten per second at a peak.  And in some circumstances, our server blacklists a range automatically. Very occasionally, a blacklisted lasso takes in a forum member as well as the rogue traffic - should you get an error page, please email me with the description block - example follows - and I can sort you out.  If you get a page like this - zero 'blame' on you.  It's probably because someone on a nearby address is being or has been naughty, or addresses have been re-assigned and you have been give one that previously caused us trouble. One or two members have, sorry, been caught a couple of times.

A couple of reports over recent days - so I have cleared most of the older records from the blacklist and have a "watching brief".  Hopefully the issues will be back to "very occasional" and the extra work on the admins to clear rogue sign-up requests will not be too great.  I do have a backup of the old blacklist in case it needs re-instating.
Logged

Coffee Shop Admin, Acting Chair of Melksham Rail User Group, Option 24/7 Melksham Rep
Do you have something you would like to add to this thread, or would you like to raise a new question at the Coffee Shop? Please [register] (it is free) if you have not done so before, or login (at the top of this page) if you already have an account - we would love to read what you have to say!

You can find out more about how this forum works [here] - that will link you to a copy of the forum agreement that you can read before you join, and tell you very much more about how we operate. We are an independent forum, provided and run by customers of Great Western Railway, for customers of Great Western Railway and we welcome railway professionals as members too, in either a personal or official capacity. Views expressed in posts are not necessarily the views of the operators of the forum.

As well as posting messages onto existing threads, and starting new subjects, members can communicate with each other through personal messages if they wish. And once members have made a certain number of posts, they will automatically be admitted to the "frequent posters club", where subjects not-for-public-domain are discussed; anything from the occasional rant to meetups we may be having ...

 
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Valid XHTML 1.0! Valid CSS!
This forum is provided by customers of Great Western Railway (formerly First Great Western), and the views expressed are those of the individual posters concerned. Visit www.gwr.com for the official Great Western Railway website. Please contact the administrators of this site if you feel that the content provided by one of our posters contravenes our posting rules (email link to report). Forum hosted by Well House Consultants

Jump to top of pageJump to Forum Home Page