https://wiki.opensourceecology.org/index.php?action=history&feed=atom&title=Sysadmin_LogSysadmin Log - Revision history2026-05-14T10:33:49ZRevision history for this page on the wikiMediaWiki 1.39.13https://wiki.opensourceecology.org/index.php?title=Sysadmin_Log&diff=319202&oldid=prevMarcin: /* 1/25/26 */2026-01-26T03:16:29Z<p><span dir="auto"><span class="autocomment">1/25/26</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 03:16, 26 January 2026</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=1/25/26=</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=1/25/26=</div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">AI bot throttling - see also [[Wiki Bot Throttling]]</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The access log for the nginx_proxy is not available, so this is the check recommended for bot activity for the prior 15 minutes:</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>The access log for the nginx_proxy is not available, so this is the check recommended for bot activity for the prior 15 minutes:</div></td></tr>
</table>Marcinhttps://wiki.opensourceecology.org/index.php?title=Sysadmin_Log&diff=319201&oldid=prevMarcin: Created page with "=1/25/26= The access log for the nginx_proxy is not available, so this is the check recommended for bot activity for the prior 15 minutes: docker logs --since 15m nginx_proxy \ | grep 'nginx.1' \ | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \ | sort | uniq -c | sort -nr | head -20 \ | while read count ip; do org=$(whois $ip 2>/dev/null | awk -F: '/OrgName|Organization|netname/ {print $2; exit}' | xargs) echo -e "$count\t$ip\t$org" done It can take up to 30 seconds to com..."2026-01-26T03:16:02Z<p>Created page with "=1/25/26= The access log for the nginx_proxy is not available, so this is the check recommended for bot activity for the prior 15 minutes: docker logs --since 15m nginx_proxy \ | grep 'nginx.1' \ | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \ | sort | uniq -c | sort -nr | head -20 \ | while read count ip; do org=$(whois $ip 2>/dev/null | awk -F: '/OrgName|Organization|netname/ {print $2; exit}' | xargs) echo -e "$count\t$ip\t$org" done It can take up to 30 seconds to com..."</p>
<p><b>New page</b></p><div>=1/25/26=<br />
<br />
The access log for the nginx_proxy is not available, so this is the check recommended for bot activity for the prior 15 minutes:<br />
<br />
docker logs --since 15m nginx_proxy \<br />
| grep 'nginx.1' \<br />
| grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' \<br />
| sort | uniq -c | sort -nr | head -20 \<br />
| while read count ip; do<br />
org=$(whois $ip 2>/dev/null | awk -F: '/OrgName|Organization|netname/ {print $2; exit}' | xargs)<br />
echo -e "$count\t$ip\t$org"<br />
done<br />
<br />
<br />
It can take up to 30 seconds to complete.<br />
<br />
I wrote a wrapper script to make it easier to run as the "dadm" user:<br />
<br />
$ showbots<br />
1701 172.18.0.1 Internet Assigned Numbers Authority (IANA)<br />
1112 120.0.0.0 UNICOM-HE<br />
1039 35.227.147.165 Google LLC (GOOGL-2)<br />
902 35.208.19.233 Google LLC (GOOGL-2)<br />
672 216.73.216.189 Amazon.com, Inc. (AMAZO-4)<br />
223 119.0.0.0 CHINANET-GZ<br />
215 544.0.0.42<br />
136 187.156.194.102<br />
123 544.0.0.32<br />
88 216.244.66.203 Wowrack.com (WOWTEC-1)<br />
84 141.179.46.10 RIPE Network Coordination Centre (RIPE)<br />
83 144.0.0.0 Asia Pacific Network Information Centre (APNIC)<br />
80 172.18.0.4 Internet Assigned Numbers Authority (IANA)<br />
77 133.0.0.0<br />
76 66.249.72.195 Google LLC (GOGL)<br />
69 139.0.0.0 Asia Pacific Network Information Centre (APNIC)<br />
62 136.0.0.0 Ace Data Centers II, L.L.C. (ADCIL)<br />
58 31.145.16.12 YONCU<br />
58 185.50.71.199 OS<br />
55 135.0.0.0 CIK Telecom INC (CIKTE)<br />
<br />
Turns out that "IANA" is resulting from reverse DNS lookups from the other bot activity.<br />
<br />
I just checked it again and the server is getting hammered by CMNET (China Mobile Network):<br />
<br />
13637 112.0.0.0 CMNET<br />
2055 172.18.0.1 Internet Assigned Numbers Authority (IANA)<br />
935 216.73.216.189 Amazon.com, Inc. (AMAZO-4)<br />
160 172.18.0.4 Internet Assigned Numbers Authority (IANA)<br />
133 143.0.0.0 Latin American and Caribbean IP address Regional Registry (LACNIC)<br />
98 66.249.72.195 Google LLC (GOGL)<br />
98 134.0.0.0 RIPE Network Coordination Centre (RIPE)<br />
96 189.94.6.146<br />
91 144.0.0.0 Asia Pacific Network Information Centre (APNIC)<br />
90 544.0.0.42<br />
88 413.0.0.41<br />
86 47.189.220.137 Frontier Communications Corporation (FCC-211)<br />
86 174.234.212.39 Verizon Business (MCICS)<br />
81 88.182.195.57 FR-PROXAD-ADSL<br />
73 105.68.191.0 INWI-ADSL002<br />
63 138.0.0.0 Latin American and Caribbean IP address Regional Registry (LACNIC)<br />
61 31.145.16.12 YONCU<br />
61 140.0.0.0 Asia Pacific Network Information Centre (APNIC)<br />
61 139.0.0.0 Asia Pacific Network Information Centre (APNIC)<br />
60 185.50.71.199 OS<br />
<br />
<br />
Not sure what to do about CMNET, as it's a BIG network, like DOD and RIPE.<br />
<br />
Anyway, the list of IPs to block can be updated by becoming root and editing this file:<br />
<br />
/etc/nginx/conf.d/blocked_ips.conf<br />
<br />
Then become "dadm" and run:<br />
<br />
docker exec nginx_proxy nginx -s reload</div>Marcin