Forums

DDos attack

Am I under ddos attack?

149.154.167.233 - - [25/Apr/2018:07:48:33 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:07:49:36 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.007
149.154.167.233 - - [25/Apr/2018:07:50:36 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:07:51:37 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.010
149.154.167.233 - - [25/Apr/2018:07:52:37 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:07:53:38 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:07:54:38 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.007
149.154.167.233 - - [25/Apr/2018:07:55:38 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:07:56:39 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:07:57:39 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.011
149.154.167.233 - - [25/Apr/2018:07:58:39 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:07:59:40 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:00:41 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.017
149.154.167.233 - - [25/Apr/2018:08:01:43 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.012
149.154.167.233 - - [25/Apr/2018:08:02:43 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:04:44 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:05:44 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:06:45 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:07:45 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.010
149.154.167.233 - - [25/Apr/2018:08:08:45 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:09:46 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:10:46 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:11:46 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:12:47 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.014
149.154.167.233 - - [25/Apr/2018:08:13:47 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:14:47 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.017
149.154.167.233 - - [25/Apr/2018:08:15:48 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:16:48 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:17:48 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.007
149.154.167.233 - - [25/Apr/2018:08:18:49 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.010
149.154.167.233 - - [25/Apr/2018:08:19:49 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.007
149.154.167.233 - - [25/Apr/2018:08:20:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:21:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:22:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:23:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 200 234 "-" "-" "149.154.167.233" response-time=1.241
149.154.167.233 - - [25/Apr/2018:08:23:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.018
149.154.167.233 - - [25/Apr/2018:08:24:12 +0000] "POST /fdsgdfgsg HTTP/1.1" 200 212 "-" "-" "149.154.167.233" response-time=0.401
149.154.167.233 - - [25/Apr/2018:08:24:18 +0000] "POST /fdsgdfgsg HTTP/1.1" 200 222 "-" "-" "149.154.167.233" response-time=0.382
149.154.167.233 - - [25/Apr/2018:08:24:35 +0000] "POST /fdsgdfgsg HTTP/1.1" 200 222 "-" "-" "149.154.167.233" response-time=5.177
149.154.167.233 - - [25/Apr/2018:08:24:50 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.013
149.154.167.233 - - [25/Apr/2018:08:25:51 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:26:13 +0000] "POST /fdsgdfgsg HTTP/1.1" 200 233 "-" "-" "149.154.167.233" response-time=0.384
149.154.167.233 - - [25/Apr/2018:08:26:51 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:27:51 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:28:52 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:29:52 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.025
149.154.167.233 - - [25/Apr/2018:08:30:52 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:31:53 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.008
149.154.167.233 - - [25/Apr/2018:08:32:53 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009
149.154.167.233 - - [25/Apr/2018:08:33:53 +0000] "POST /fdsgdfgsg HTTP/1.1" 500 291 "-" "-" "149.154.167.233" response-time=0.009

[edit by admin: formatting]

I wouldn't call that a DDoS attack -- the first "D" in DDoS stands for "distributed", meaning that it's lots of different computers trying to access your site at once. All of those hits come from the same IP address, so while it could be a non-distributed attempt at a DoS, it's not a DDoS.

As to whether it's a DoS attack of any kind -- it looks like someone is POSTing to your site once a minute. That's not particularly bad Internet behaviour in general -- a proper DoS would be trying to access it many times a second. I'd probably just characterise it as "unwanted traffic" if it's not something you want people to do.

You can block the IP address if you don't want people doing this kind of thing -- you'd need to look at the X-Real-IP header in your code and return an appropriate response.

I look for the IP address. It is IP address of Telegram. https://core.telegram.org/bots. And I can'tblock that. cause I want my bot to work with Telegram webhook.

But I think that someone want to break my bot. Can you give any advice to be safe.

I have this error:

2018-05-15 07:47:50,895: [2018-05-15 07:47:50,891] ERROR in app: Exception on /... [POST]
2018-05-15 07:47:50,895: Traceback (most recent call last):
2018-05-15 07:47:50,895:   File "/.......name.py", line 1982, in wsgi_app
2018-05-15 07:47:50,895:     response = self.full_dispatch_request()
2018-05-15 07:47:50,896:   File "/.....name.py", line 1614, in full_dispatch_request
2018-05-15 07:47:50,896:     rv = self.handle_user_exception(e)
2018-05-15 07:47:50,896:   File "/......name.py", line 1517, in handle_user_exception
2018-05-15 07:47:50,896:     reraise(exc_type, exc_value, tb)
2018-05-15 07:47:50,896:   File "/.......compat.py", line 33, in reraise
2018-05-15 07:47:50,896:     raise value
2018-05-15 07:47:50,896:  File "/......name.py", line 1612, in full_dispatch_request
2018-05-15 07:47:50,896:     rv = self.dispatch_request()
2018-05-15 07:47:50,897:   File "/......name.py", line 1598, in dispatch_request
2018-05-15 07:47:50,897:     return self.view_functions[rule.endpoint](**req.view_args)
2018-05-15 07:47:50,897:   File "/......name.py", line 31, in index
2018-05-15 07:47:50,897:     message=r['message']['text'].upper()
2018-05-15 07:47:50,897: KeyError: 'text'

It's also interesting, that most of the time they got code-500 (Internal Server Error) in response, but some 5 times they got code-200 (OK/success) which also takes more time (max > 5sec) to process/respond by this webapp. And they have not specified the User-Agent header.

I didn't get you. How I can solve this error? please help me

My guess is that Telegram is trying to send you some sort of message and they keep retrying because you keep returning error codes.

Fix your code so that it doesn't return an error when the text field is not present. If you really want to get to the bottom of the problem, log any messages that your code doesn't understand so that you see what they are.

Sorry for stupid questions I'm new with python. I understood that my bot can't understand files. For example stickers. But I don't know how to catch stickers or other stuff which is not text. Do you have any idea on that? Please help.

2018-05-15 07:47:50,897:     message=r['message']['text'].upper()
2018-05-15 07:47:50,897: KeyError: 'text'

r['message'] is a dictionary. Here's a nice, easy introduction to dictionaries that can get you started: http://www.pythonforbeginners.com/dictionary/how-to-use-dictionaries-in-python

Thank you very much

Solved!

Great!