How to blacklist planet-lab.org?

[Kate]

I have posted about my site being bombarded by curl requests from hundreds of ip addresses in some other threads here and received a lot of help.

It seems that most of the offenders are affiliated with planet-lab and possibly the attacks are mistakes. However as a result my site is being brought down for several hourse per day. I have contacted planet-lab by email with no luck,

I cannot have more that100 subnet entries in my block file on gae, and short of paying more $$$ to google to support these unwanted curl requests I. Can think of nothing else to do.

Can anyone think of how I can get planet-lab to stop?

[Kristopher Giesing]

I sympathize with your situation, but how many more threads on this do you need?  It's actually harder to help you if the answers to your questions are so spread out; people are going to forget what has been proposed and tried already.

I still think the most likely solution is for you to have a filtering proxy server in front of GAE that has a fixed cost, so that GAE doesn't bill you for the DDOS requests.  If CloudFlare doesn't work then I think a simple node.js proxy would do the trick, and you could probably host it on a VM somewhere for around $10-15 a month.  If you're not prepared to write that proxy yourself, you could probably hire someone to do it; the hourly rate might be high, but I doubt it would take an experienced developer very long at all to do.  I'm tempted to do it myself but I have other obligations that would get in the way.

- Kris

[Kate]

I do not need multiple threads. My last three were in error as I was having problems with my iPad and didn't think they were posted. My apologies.

I explained earlier that cloudflare cannot help as they need me to change my dns and I cannot as it is a gae app. My netsol dns for australiansabroad.com is set up according to google specs and are not accepted by cloudflare..

The correct course of action is to have planet-lab stop sending tens of thousand of curl requests. My site has been running since 1996 and I should not have to spend hours figuring out how to block attacks. If planet-lab will not stop the attacks I will take the course suggested by other posters and report them to the appropriate authorities,

[Kate]

I received an answer from planet-lab.

Hi Kathleen,

Apologies for not resolving this sooner.

We believe we found a likely source behind the traffic you've been
referring to. As you may know, PlanetLab is a distributed systems
research test bed with 1000+ machines world wide. These machines may
share access to both research, local and public Internet. These
services are actively managed by researchers granted access to
PlanetLab accounts.

Since your site is hosted by Google, the IP addresses that you use are
not unique to you, but are shared among many Google hosted services.
Many experiments on PlanetLab nodes sent significant volume of
legitimate traffic to these IP addresses and finding the subset of
this traffic that corresponds to your service is a bit more involved.

We have however identified a likely experiment that is responsible, it
is ucr_web slice, run by researchers at University of California,
Riverside, who are cc'ed on this email. The researchers provide a
description of their work as:

"""
This slice is being used to perform measurements to detect outages on
paths on which traffic is served from PlanetLab. We passively observe
traffic outgoing from PlanetLab to see which prefixes are receiving
TCP traffic from PlanetLab, and then use a combination of passive
monitoring and active probing to detect outages on paths to these
prefixes.<br>We ensure that we only send active probes to prefixes
that receive traffic from PlanetLab, and we probe every prefix at most
once every 5 minutes if the prefix is reachable and at most three
times in a 5 minute period if we do not receive responses to our
probes.'

[Jeff Schnitzer]

On Fri, Aug 10, 2012 at 2:41 PM, Kate <mss....@gmail.com> wrote:
>
> I explained earlier that cloudflare cannot help as they need me to change my dns and I cannot as it is a gae app. My netsol dns for australiansabroad.com is set up according to google specs and are not accepted by cloudflare..

You have some sort of mistaken understanding about how DNS works.
There is no reason why you cannot have CF manage DNS for domains that
are directed to GAE. I do this even for domains that I don't proxy
through cloudflare just because their DNS tools don't suck.

Jeff

[Kate]

I know I can have CF manage dns for domains that are DIRECTED to GAE. However the attacks were going straight to aussiecloud.appspot.com.

CF cannot manage that! I have a very good understanding of how DNS works.

In any case the culprits were found and have stopped.

Always best to fix at the source rather than add another layer, if possible.

[Cesium]

G'day Kate,

Did the hoons end up in the divvy van?

I'd be gobsmacked if you didn't leave them tall poppies all stonkered.

At least demand a few tinnies of amber fluid.

David

PS Just testing my new RESTful API: convertposttoaussiespeak.appspot.com 

[Kate]

@David,

No they weren't carted off in a divvy van. Not did I get any tinnies - not that there's any Melbourne Bitter here.

But to update you, there were a number of emails back and forth between myself and Planetlab (Princeton)  and quite frankly I was concerned with the attitude of entitlement from the "researchers". I did get an "Im sorry" and some excuses, but I am surprised there was not a true regret conveyed, given that the behavior of the researchers was clearly against Planetlab's published Acceptable Use Policy, and that I  lost money, and both myself and a number of members of the GAE community spent time trying to find a solution.

I intend to take the matter higher up the food chain, as I believe that it is morally wrong to single out a site to "test" GAE without asking permission. Why didn't they set up their own site?