Jan Engelhardt wrote:
On Sunday 2021-12-26 12:43, Per Jessen wrote:
I am seeing a lot of traffic with GET URLs such as these:
GET /repositories/./Apache:/MirrorBrain/SLE_15_SP2/x86_64/http://build.opensuse.org/ GET /repositories/Apache/openSUSE_Leap_15.2/x86_64/https://software.opensuse.org/ GET /repositories/./Apache:/Shibboleth/SLE_12_SP2/repodata/http://build.opensuse.org/ GET /repositories/./Apache:/MirrorBrain/SLE_15_SP2/https://software.opensuse.org/
Of course they all result in a 404, but currently such requests take up almost 10% of our total http traffic.
This started on 6 December with a few hundred thousand requests, but grew to 2million by 13 December, now around 3.5-4million a day.
Based on the growth pattern, the jump-to idea is libzypp. (That also happens to be using curl, so, ... go figure)
The repositories that are targeted apparently only concern 12.2/15.2 systems, Factory/Tumbleweed URLs is prominently absent. Hurr.
Thanks for the input Jan - the URLs above were just samples, I'll check if I see any other patterns.
openSUSE:Leap:15.2:Update/libzypp:
----------------------------------------------------------------------------
r13 | maintenance-robot | 2021-12-06 13:06:45 | 81c554ade0548b4ec3c309f5be693d99 | unknown | rq935137 > Set link to libzypp.17215 via maintenance_release request
Well well well. Botched update?
The first such requests started at 21 December 10:21 UTC - from a CloudVsp system in Beijing. They also included Leap 42.3, Leap 15.0, SLE15 though. -- Per Jessen, Zürich (6.4°C) Member, openSUSE Heroes