Path: csiph.com!weretis.net!feeder6.news.weretis.net!border-2.nntp.ord.giganews.com!nntp.giganews.com!Xl.tags.giganews.com!local-1.nntp.ord.giganews.com!nntp.brightview.co.uk!news.brightview.co.uk.POSTED!not-for-mail NNTP-Posting-Date: Wed, 31 Jan 2024 12:40:34 +0000 From: Martin Subject: Re: Go-http-client Newsgroups: comp.sys.acorn.networking Date: Wed, 31 Jan 2024 12:27:30 +0000 (GMT) Message-ID: <5b2b591f8fNews03@avisoft.f9.co.uk> References: <5b2b4df63fNews03@avisoft.f9.co.uk> User-Agent: Pluto/3.21a (RISC OS/5.29) NewsHound/v1.54 Organization: None Lines: 38 X-Usenet-Provider: http://www.giganews.com X-Trace: sv3-Gt1lMQSLnRkImUxKBFNSZbdpNS8sIDlFIW1tFKDlC8Ngz6Nikm7UeQbOZbp06b6r2UNFuAQ1WnFyvBn!J6MTVdEdFFDZ/n8n2vXbr/YccsyjeOskks+OiqbYXkPIOWAoRm+SA8EnGvPxSZl8ap2EL/Kt1SBH!1YE= X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly X-Postfilter: 1.3.40 Xref: csiph.com comp.sys.acorn.networking:5162 In article , Chris Hughes wrote: > In message <5b2b4df63fNews03@avisoft.f9.co.uk> > Martin wrote: > > In the last couple of days my website has had an increase in > > traffic, from about 30 different IP addresses, all with a > > User-Agent of "Go-http-client/1.1". > > Each starts with a "GET / HTTP/1.1" request, with various > > User-Agents, including Windows, Linux & MaxOS. If that works (as > > it will) it then issues GETs for about 30 varied files, then > > stops. > > It seems that Go-http-client is a package which "provides HTTP > > client and server implementations" but it is suddenly being used > > by lots of IPs in a suspicious way. > > Anyone else seen this? > > They obviously do not abide by robots/txt (or even read it), so > > the only way I know to block them is to add them to /htaccess as > > deny froms - some have the same top two numbers. > > Are there any better ways? One way is just to ignore them, I > > know, but I would not want a trickle to turn into a flood. > Is your web space provided via PlusNet ? > If so you could report possible suspicious activity. Yes ... but I doubt they would be interested at the current level. Martin -- Martin Avison Note that unfortunately this email address will become invalid without notice if (when) any spam is received.