Your IP address or host name was permanently blacklisted?

[expired user #4451]'s profile image [expired user #4451] posted 12 years ago in General Permalink
Hi Anse!

Your IP address or host name was permanently blacklisted because of too much download traffic in a certain interval.
Since 2 weeks ago I cant access the website and thought it was an issue with access to or something. Today I decided to to access through an proxy and no faced problems.

Do not know what the reason the range of IP from Brazil's of GVT is blocked.
Using ADSL with dynamic and multiple simultaneous connections still locked?

Thx
ansgar's profile image ansgar posted 12 years ago Permalink
%.gvt.net.br IP addresses are the top ones which had a huge number of download clicks on HeidiSQL builds and installers. I invented some auto-learning HTTP blocker for such suspicious download accesses and now I can tell you that gvt.net.br clients accessed heidisql.com and especially some of the exe files around 42730 times in a few weeks. If I hadn't the above mentioned blocking rule, that would have caused approximately 100GB of HTTP traffic in a month. I'm glad you are posting here, so I can ask someone which may know more about that effect - what is happening here? Is there some robot, hacking stuff going on or what?
ansgar's profile image ansgar posted 12 years ago Permalink
I'm going to make the blocking rule for gvt.net.br less restrictive, which is based on a whildcard host filter currently, blocking everyone from that provider.
ansgar's profile image ansgar posted 12 years ago Permalink
More details: I have noticed downloads from gvt.net.br addresses which
* come with an empty user agent
* and/or download the same file (e.g. /installers/HeidiSQL_7.0.0.4151_Setup.exe) many many times.

Traffic in such huge dimensions needs still to be payed by me, so please understand why I need to block such clicks.
ansgar's profile image ansgar posted 12 years ago Permalink
Now it's evening, and as said yesterday night I have made the blocking less restrictive. In these 20 hours there was 187.115.188.136.static.host.gvt.net.br accessing HeidiSQL downloads 2966 times. Who or what the hell is downloading my exe files again and again? My only explanation is that this is some bad attack just wanting to create traffic (cost).
ansgar's profile image ansgar posted 12 years ago Permalink
Hm, I expected a quicker reply for some reason.
ansgar's profile image ansgar posted 12 years ago Permalink
No feedback since several days now. So I just activated my blocking rule for %.gvt.net.br again.
[expired user #4451]'s profile image [expired user #4451] posted 12 years ago Permalink
Hi Anse!
I'm sorry, I was traveling to work.
I agree with you and know that generates a high cost, but I do not know what the reason that someone is doing it. : (

http://www.blocklist.de/en/search.html?as=18881

GVT in Brazil is expanding its network throughout Brazil and is currently the best in quality and speed.
Well, I'm not sure if this would be the best way to block this traffic, but I think one of the best ways to avoid this would be to implement a redirection to the downloads.
In this case, if traffic is GVT's network, redirect to google code or some other host, may end up with the problem.

I think it is.
thank you


ansgar's profile image ansgar posted 12 years ago Permalink
Thanks for the update. I have again deactivated blocking by wildcard %.gvt.net.br, as it's obviously silly to block all users of such a big internet provider. I was probably hoping you as one of those gvt customers knew more about that. Anyway, you should not get blocked any longer, unless your downloads exceed a certain amount of megabytes in a specific interval.

Please login to leave a reply, or register at first.