June 26, 2025

Thousands of spurious requests to Mediawiki pages

A web site I manage was being repeatedly thrashed by thousands of elaborate Mediawiki requests, for example, “GET /w/index.php?from=20250425004824&fromFormatted=00%3A48%2C+25+April+2025&hidebots=0&returnto=Special%3ARecentChangesLinked&returntoquery=days%3D3&target=Wind_turbine&title=Special%3AUserLogin”.

First, I added the “Lockdown” plugin to limit access to several “Special” pages and actions to logged-in users (even though that wasn't actually the problem, but I came across the plugin while setting about to solve it).

Second, because the wiki has almost no users, I blocked all requests with “Special” in the query part of the request except from the server IP itself and the IPs of the few users by adding the following to the htaccess file. (“Special” pages themselves are in the main request, for example, “/wiki/Special:Search” — also, as far as I understand it, only the server rewrites requests to “/w/…”.)

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !xxx.xx.xx.xxx
RewriteCond %{REMOTE_ADDR} !xx.xxx.xxx.xx
RewriteCond %{QUERY_STRING} Special [NC]
RewriteRule (.*) - [R=403]

Then, the big task: Almost all of the requests were from Chinese IP addresses, and even though the above directive blocked the requests, they were still coming in and still tying up the server. They turned out to be all from China Mobile, China Unicom, and China Telecom (Chinanet). After a couple weeks of toil looking up every IP and blocking their ranges, the server load is quiet again (until the next wave). In case anyone else wants to block them, below are the IP ranges (as of the time of writing this) that I put together. They are certainly not complete, but they include the IPs that were bothering the site.

# China Mobile Communications
Require not ip 36.128.0.0/10
Require not ip 39.128.0.0/10
Require not ip 111.0.0.0/10
Require not ip 112.0.0.0/10
Require not ip 117.128.0.0/10
Require not ip 120.192.0.0/10
Require not ip 122.90.0.0/15
Require not ip 183.192.0.0/11
Require not ip 183.224.0.0/12
Require not ip 211.138.64.0/20
Require not ip 223.64.0.0/11
Require not ip 223.96.0.0/12
Require not ip 223.112.0.0/14
Require not ip 223.116.0.0/15
Require not ip 223.122.0.0/17

# China Unicom
Require not ip 1.24.0.0/13
Require not ip 1.56.0.0/13
Require not ip 1.80.0.0/13
Require not ip 1.188.0.0/14
Require not ip 1.192.0.0/14
Require not ip 14.144.0.0/12
Require not ip 14.204.0.0/15
Require not ip 27.36.0.0/15
Require not ip 27.40.0.0/14
Require not ip 27.184.0.0/13
Require not ip 27.192.0.0/11
Require not ip 39.64.0.0/11
Require not ip 42.52.0.0/14
Require not ip 42.176.0.0/13
Require not ip 42.224.0.0/12
Require not ip 58.16.0.0/16
Require not ip 58.19.0.0/16
Require not ip 58.240.0.0/15
Require not ip 58.248.0.0/13
Require not ip 60.0.0.0/13
Require not ip 60.7.0.0/14
Require not ip 60.13.0.0/13
Require not ip 60.20.0.0/14
Require not ip 60.208.0.0/13
Require not ip 60.216.0.0/15
Require not ip 60.220.0.0/14
Require not ip 61.138.0.0/18
Require not ip 61.179.0.0/16
Require not ip 61.180.128.0/17
Require not ip 61.240.0.0/14
Require not ip 101.16.0.0/12
Require not ip 101.64.0.0/13
Require not ip 101.204.0.0/14
Require not ip 110.52.0.0/15
Require not ip 110.240.0.0/12
Require not ip 112.80.0.0/13
Require not ip 112.94.0.0/16
Require not ip 112.122.0.0/15
Require not ip 112.192.0.0/14
Require not ip 112.224.0.0/11
Require not ip 113.0.0.0/13
Require not ip 113.58.0.0/16
Require not ip 113.59.0.0/17
Require not ip 113.194.0.0/15
Require not ip 113.200.0.0/15
Require not ip 113.224.0.0/12
Require not ip 114.240.0.0/12
Require not ip 115.48.0.0/12
Require not ip 116.2.0.0/15
Require not ip 116.128.0.0/10
Require not ip 118.72.0.0/13
Require not ip 118.80.0.0/15
Require not ip 119.39.0.0/16
Require not ip 119.48.0.0/13
Require not ip 119.62.0.0/16
Require not ip 119.108.0.0/15
Require not ip 119.112.0.0/13
Require not ip 119.176.0.0/12
Require not ip 119.248.0.0/14
Require not ip 120.0.0.0/12
Require not ip 120.80.0.0/13
Require not ip 121.16.0.0/13
Require not ip 121.24.0.0/14
Require not ip 122.136.0.0/13
Require not ip 122.156.0.0/14
Require not ip 122.188.0.0/14
Require not ip 123.4.0.0/14
Require not ip 123.8.0.0/13
Require not ip 123.138.0.0/15
Require not ip 123.152.0.0/13
Require not ip 123.188.0.0/14
Require not ip 123.232.0.0/14
Require not ip 124.89.0.0/17
Require not ip 124.93.0.0/16
Require not ip 124.128.0.0/13
Require not ip 124.152.0.0/16
Require not ip 124.163.0.0/16
Require not ip 125.32.0.0/16
Require not ip 125.40.0.0/13
Require not ip 139.170.0.0/16
Require not ip 150.255.0.0/16
Require not ip 153.0.0.0/16
Require not ip 171.34.0.0/15
Require not ip 171.116.0.0/14
Require not ip 171.120.0.0/13
Require not ip 175.16.0.0/13
Require not ip 175.148.0.0/14
Require not ip 175.152.0.0/14
Require not ip 175.160.0.0/12
Require not ip 180.129.128.0/17
Require not ip 180.130.0.0/16
Require not ip 182.88.0.0/14
Require not ip 182.112.0.0/12
Require not ip 183.92.0.0/14
Require not ip 183.184.0.0/13
Require not ip 211.90.0.0/13
Require not ip 218.7.0.0/14
Require not ip 218.28.0.0/15
Require not ip 219.154.0.0/15
Require not ip 219.156.0.0/15
Require not ip 220.192.0.0/12
Require not ip 221.8.0.0/15
Require not ip 221.13.0.0/18
Require not ip 221.14.0.0/15
Require not ip 221.204.0.0/15
Require not ip 221.207.0.0/18
Require not ip 221.208.0.0/15
Require not ip 221.213.0.0/16
Require not ip 222.128.0.0/14
Require not ip 222.136.0.0/13
Require not ip 222.160.0.0/14
Require not ip 223.166.0.0/15


# Chinanet (China Telecom)
Require not ip 14.208.0.0/12
Require not ip 27.16.0.0/12
Require not ip 27.224.0.0/14
Require not ip 36.40.0.0/13
Require not ip 36.48.0.0/15
Require not ip 36.56.0.0/13
Require not ip 36.96.0.0/11
Require not ip 42.88.0.0/13
Require not ip 42.184.0.0/15
Require not ip 42.248.0.0/13
Require not ip 49.64.0.0/11
Require not ip 49.112.0.0/14
Require not ip 49.116.0.0/15
Require not ip 58.44.0.0/14
Require not ip 58.48.0.0/13
Require not ip 58.208.0.0/12
Require not ip 59.32.0.0/13
Require not ip 59.40.0.0/15
Require not ip 59.42.0.0/16
Require not ip 59.52.0.0/14
Require not ip 59.56.0.0/14
Require not ip 59.60.0.0/15
Require not ip 59.172.0.0/14
Require not ip 60.185.160.0/19
Require not ip 61.159.64.0/18
Require not ip 61.186.16.0/22
Require not ip 61.186.20.0/23
Require not ip 106.4.0.0/14
Require not ip 106.8.0.0/15
Require not ip 106.32.0.0/12
Require not ip 106.80.0.0/12
Require not ip 106.112.0.0/13
Require not ip 110.80.0.0/13
Require not ip 110.152.0.0/14
Require not ip 110.166.0.0/15
Require not ip 110.181.0.0/15
Require not ip 110.184.0.0/13
Require not ip 110.228.0.0/14
Require not ip 111.72.0.0/13
Require not ip 111.121.0.0/19
Require not ip 111.172.0.0/14
Require not ip 111.176.0.0/13
Require not ip 111.224.0.0/14
Require not ip 112.66.0.0/19
Require not ip 112.66.32.0/20
Require not ip 112.98.0.0/15
Require not ip 112.100.0.0/14
Require not ip 112.116.0.0/15
Require not ip 113.25.64.0/18
Require not ip 113.26.0.0/18
Require not ip 113.26.192.0/19
Require not ip 113.27.32.0/19
Require not ip 113.64.0.0/11
Require not ip 113.96.0.0/15
Require not ip 113.132.0.0/14
Require not ip 113.218.0.0/15
Require not ip 113.220.0.0/14
Require not ip 113.240.0.0/13
Require not ip 114.224.0.0/12
Require not ip 115.148.0.0/14
Require not ip 115.209.32.0/19
Require not ip 115.212.0.0/16
Require not ip 115.213.0.0/17
Require not ip 116.16.0.0/12
Require not ip 116.208.0.0/14
Require not ip 116.248.0.0/15
Require not ip 117.22.0.0/15
Require not ip 117.24.0.0/13
Require not ip 117.32.0.0/13
Require not ip 117.60.0.0/14
Require not ip 117.80.0.0/12
Require not ip 118.112.0.0/15
Require not ip 118.213.32.0/22
Require not ip 118.248.0.0/13
Require not ip 119.0.192.0/19
Require not ip 119.1.64.0/19
Require not ip 120.32.0.0/13
Require not ip 120.40.0.0/14
Require not ip 121.32.0.0/14
Require not ip 121.204.0.0/14
Require not ip 122.233.128.0/17
Require not ip 122.224.0.0/12
Require not ip 123.52.0.0/14
Require not ip 123.149.0.0/24
Require not ip 123.168.0.0/14
Require not ip 123.172.0.0/14
Require not ip 123.180.0.0/14
Require not ip 123.244.0.0/14
Require not ip 124.72.0.0/16
Require not ip 124.112.0.0/15
Require not ip 124.114.0.0/15
Require not ip 124.228.0.0/14
Require not ip 124.234.0.0/15
Require not ip 124.236.0.0/14
Require not ip 125.64.0.0/13
Require not ip 125.78.0.0/16
Require not ip 125.79.0.0/16
Require not ip 125.80.0.0/13
Require not ip 125.88.0.0/13
Require not ip 125.104.0.0/13
Require not ip 125.114.128.0/17
Require not ip 140.240.0.0/16
Require not ip 140.255.0.0/16
Require not ip 144.7.0.0/17
Require not ip 144.12.0.0/16
Require not ip 171.8.0.0/13
Require not ip 171.40.0.0/13
Require not ip 171.80.0.0/14
Require not ip 171.88.0.0/13
Require not ip 171.104.0.0/13
Require not ip 171.112.0.0/14
Require not ip 171.208.0.0/12
Require not ip 175.0.0.0/12
Require not ip 175.30.0.0/15
Require not ip 180.96.0.0/11
Require not ip 182.32.0.0/12
Require not ip 182.84.0.0/14
Require not ip 182.96.0.0/12
Require not ip 182.128.0.0/12
Require not ip 182.144.0.0/13
Require not ip 182.200.0.0/13
Require not ip 182.240.0.0/13
Require not ip 183.0.0.0/10
Require not ip 183.128.0.0/12
Require not ip 183.148.0.0/24
Require not ip 183.154.0.0/15
Require not ip 183.160.0.0/13
Require not ip 218.1.0.0/16
Require not ip 218.19.0.0/14
Require not ip 219.147.128.0/17
Require not ip 220.160.0.0/15
Require not ip 220.162.0.0/16
Require not ip 220.167.212.0/22
Require not ip 222.76.0.0/14
Require not ip 222.90.0.0/15
Require not ip 222.208.0.0/13
Require not ip 222.241.56.0/21
Require not ip 223.8.0.0/14
Require not ip 223.144.0.0/12
Require not ip 223.198.0.0/14
Require not ip 223.240.0.0/13

link:
Label(s):

June 20, 2025

Nationalist as metaphor: politics of grievance

For Sara, the Northern Irish nationalist had transcended political classification to character type. Although by local definition a nationalist aspired to a united Ireland achieved by peaceful means, Sara had met the Northern nationalist, in a temperamental sense, all over the world, and many samples of the species would mistake Michael Collins for a mixed drink. ...

A nationalist is a Moaning Minnie, a bellyacher. He’s hard done by; he’s been abused and deserves recompense. Yet no matter how many concessions you shovel him, they will never suffice, for all penance is paltry, any attempt at reparation an affront. Like a bunny in a briar patch, he glories in violation. He feels sorry for himself, of course, but this self-pity is competitive; it bristles around rival brands. And it is triumphalist self-pity. A nationalist uses his suffering as a cudgel to beat you over the head. He never does anything wrong himself. And he never shuts up.

While brandishing his minority status, the nationalist runs in packs. Drunk on Dutch courage from his mob, a nationalist is a bully. But he’s never satisfied with merely getting his way; it has to be achieved at your expense. A nationalist is never happy unless he’s making someone else miserable. That said, he’s never happy. The happy nationalist is an oxymoron.

Accordingly, the worst thing you can do with a nationalist is to attempt to give him whatever he claims to want. He may love his children, his parents, his dog – nationalists are people, too — but the one thing that a nationalist loves above all else is his grievance. Any effort to fulfill a nationalist’s ostensible agenda will read as malicious: you are trying to take his grievance away. A nationalist will bite the hand that feeds him.

Nationalists, in this metaphorical sense, were everywhere.

—“The Subletter” by Lionel Shriver, in Property (2018)

link:
Subscribe to: Posts (Atom)