blob: e71346cafd2916d7114ba0fdc40e20a12cb7a74c [file] [log] [blame]
# Copyright 2016 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file or at
# https://developers.google.com/open-source/licenses/bsd
blacklist:
# Edit this file to enable GAE's built-in DoS protection.
# Run some aggregate queries in the Cloud Console BigQuery
# interface to see if you can block larger subnets rathe
# than individual IP addresses. Also, this list is limited
# to 100 entries, so if it's a DDoS you might run out
# subnets.
# On-Call Playbook:
# https://docs.google.com/document/d/1acGea37jlb5FEp1BGdqca6tY_hiH1QGXKxbt4iBfAug
#
# See the playbook for other measures you can take, such
# as setting ratelimiting_enabled = True in settings.py.
# Example entries:
# - subnet: 192.0.2.1
# description: a single IP address
# - subnet: 192.0.2.0/24
# description: an IPv4 subnet
# - subnet: 2001:DB8::1
# description: an IPv6 address
# - subnet: 2001:DB8::/32
# description: an IPv6 subnet
- subnet: 2001:41d0:1000:250::/64
description: someone who crawls all attachments sequentially
- subnet: 47.153.189.55
description: makes thousands of requests for CSS files
- subnet: 216.52.21.1
description: makes thousands of requests for /_clientmon.do
- subnet: 137.74.194.39
description: polls a few chromium and project-zero issues
- subnet: 77.92.130.85
description: polls a few chromium and project-zero issues
- subnet: 50.116.26.254
description: polls a few chromium and project-zero issues
- subnet: 139.162.176.20
description: polls a few chromium and project-zero issues
- subnet: 46.5.19.18
description: polls a few chromium and project-zero issues
- subnet: 192.241.223.70
description: polls a few chromium and project-zero issues
- subnet: 167.114.234.83
description: polls a few chromium and project-zero issues
- subnet: 188.166.69.251
description: polls a few chromium and project-zero issues
- subnet: 80.187.108.64
description: polls a few chromium and project-zero issues
- subnet: 208.65.73.102
description: polls project-zero issue list
- subnet: 2600:3c01::f03c:91ff:fe08:cf71
description: scans all project-zero issues
- subnet: 175.141.191.44
description: attempted SQL injection
- subnet: 192.198.146.166
description: requesting all issue IDs in sequence
- subnet: 103.17.131.175
description: someone trying to fuzz our server
- subnet: 125.164.230.28
description: someone trying to fuzz our server
- subnet: 156.210.117.20
description: someone trying to fuzz our server
- subnet: 31.38.229.26
description: someone trying to fuzz our server
- subnet: 41.102.220.215
description: someone trying to fuzz our server
- subnet: 78.175.182.167
description: someone trying to fuzz our server
- subnet: 78.210.82.177
description: someone trying to fuzz our server
- subnet: 79.56.108.42
description: someone trying to fuzz our server
- subnet: 93.38.40.215
description: someone trying to fuzz our server
- subnet: 93.3.219.55
description: someone trying to fuzz our server
- subnet: 52.178.119.169
description: someone trying to fuzz our server
- subnet: 62.102.148.160
description: someone trying to fuzz our server
- subnet: 163.172.74.125
description: someone trying to fuzz our server
- subnet: 212.237.19.49
description: someone trying to fuzz our server
- subnet: 95.225.64.2
description: someone trying to fuzz our server
- subnet: 148.160.18.231
description: someone trying to fuzz our server
- subnet: 80.15.111.204
description: someone trying to fuzz our server
- subnet: 23.251.135.231
description: someone trying to fuzz our server
- subnet: 93.38.248.219
description: someone trying to fuzz our server
- subnet: 108.175.2.193
description: someone trying to fuzz our server
- subnet: 186.71.114.124
description: someone trying to fuzz our server
- subnet: 85.48.135.217
description: someone trying to fuzz our server
- subnet: 37.212.48.119
description: someone trying to fuzz our server
- subnet: 172.56.7.191
description: endlessly requesting favicon.ico
- subnet: 62.76.185.68
description: attempted SQL injection
- subnet: 115.99.3.167
description: someone trying to fuzz our server 2017-05-08
- subnet: 203.205.144.172
description: someone crawling our issues 2017-05-08
- subnet: 129.21.128.147
description: flooded with requests to issue.get without issue_id, many 404s
- subnet: 2a01:4f8:10b:170b::2
description: scans all project-zero attachments 2017-06-28
- subnet: 157.48.10.58
description: trying lots of expliots, e.g., ../../../etc/passwd
- subnet: 79.142.73.140
description: hitting the same 404 URL several times a minute
- subnet: 171.4.232.116
description: someone trying to fuzz our server 2017-08-29
- subnet: 103.19.39.2
description: someone hitting /p/chromium issue list every 5 seconds 2017-11-20
- subnet: 62.201.223.18
description: someone hitting /p/chromium template admin page 2017-12-18
- subnet: 184.75.209.185
description: someone hitting /p/monorail template admin page 2017-12-20
- subnet: 180.76.13.8
description: someone scanning attachments 2018-02-07
- subnet: 138.197.103.52
description: someone using sqlmap.org on us 20180-03-08
- subnet: 103.7.28.53
description: someone endlessly requesting the same search 20180-03-08
- subnet: 140.123.126.210
description: someone crawling us poorly 20180-03-08
- subnet: 51.15.86.162
description: someone crawling issues every few seconds 20180-03-08
- subnet: 84.38.132.202
description: someone fuzzing us 2018-03-13
- subnet: 94.102.54.153
description: someone fuzzing us 2018-07-19
- subnet: 163.221.172.236
description: someone sending lots of HEAD requests 2018-08-10 and 11
- subnet: 156.38.148.90
description: someone crawling us 2018-11-27
- subnet: 31.192.108.122
description: someone repeatedly posting to detail_ezt.do 2018-12-05
- subnet: 173.239.232.128
description: someone repeatedly posting to template/detail_ezt.do 2019-01-13
- subnet: 191.180.60.133
description: someone making lots of requests with bad XSRF token
- subnet: 2001:41d0:a:200f::1
description: someone fuzzing us 2019-01-24
- subnet: 108.170.6.26
description: someone crawling p/oss-fuzz/issues
- subnet: 51.15.72.250
description: someone polling certain /p/chromium/issues
- subnet: 23.82.136.166
description: someone crawling gerrit and webrtc issues with a browser
- subnet: 70.166.125.12
description: someone making tons of API calls over the rate limit
- subnet: 103.42.57.49
description: someone making tons of API calls over the rate limit
- subnet: 193.148.16.227
description: someone making tons of API calls over the rate limit
- subnet: 185.165.241.36
description: someone making tons of API calls over the rate limit
- subnet: 158.177.164.38
description: crawler that makes many requests per second