Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://social.kernel.org/objects/b3edb7d1-1952-4374-b1a4-9ab5c63e99b3">K. Ryabitsev ???? (monsieuricon@social.kernel.org)'s status on Wednesday, 13-Nov-2024 07:25:42 JST</a><a href="https://social.kernel.org/users/monsieuricon" title="monsieuricon@social.kernel.org"><img src="https://gnusocial.jp/avatar/29051-48-20221117040835.webp" width="48" height="48" alt="K. Ryabitsev ????" style="position: absolute; left: 0; top: 0;">K. Ryabitsev ????</a></section><article><p>x.x.x.x - - [10/Nov/2024:00:02:37 +0000] "GET / HTTP/1.1" 301 162 "-" "okhttp/4.9.0"</p><p>You know what’s interesting about this log line? It repeats 56,686,963 times in <a href="http://www.kernel.org">www.kernel.org</a> logs for yesterday, across 4 nodes. That’s about 700 times a second, and this has been going on for months.</p><p>These requests aren’t intentionally malicious – they issue a simple GET /, receive their 301 redirect, and terminate the connection. From what I can tell, this is some kind of appliance or software installed on mobile clients that uses “can I reach www.kernel.org” as a network test.</p><p>This wouldn’t be that big of a deal – a single plaintext “GET /“ that triggers an immediate 301 is very cheap for us to generate, but the number of these requests has been steadily growing.</p><p>If you have any idea what this is and how to make it stop, please reach out?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3988675#notice-7792792">In conversation</a><time datetime="2024-11-13T07:25:42+09:00" title="Wednesday, 13-Nov-2024 07:25:42 JST">about 6 months ago</time> <span>from <span><a href="https://social.kernel.org/objects/b3edb7d1-1952-4374-b1a4-9ab5c63e99b3" rel="external" title="Sent from social.kernel.org via ActivityPub">social.kernel.org</a></span></span><a href="https://social.kernel.org/objects/b3edb7d1-1952-4374-b1a4-9ab5c63e99b3">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: www.kernel.org</div><h5><a href="https://www.kernel.org/">The Linux Kernel Archives</a></h5><div></div></header><div></div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
K. Ryabitsev ???? (monsieuricon@social.kernel.org)'s status on Wednesday, 13-Nov-2024 07:25:42 JST K. Ryabitsev ????
x.x.x.x - - [10/Nov/2024:00:02:37 +0000] "GET / HTTP/1.1" 301 162 "-" "okhttp/4.9.0"
You know what’s interesting about this log line? It repeats 56,686,963 times in www.kernel.org logs for yesterday, across 4 nodes. That’s about 700 times a second, and this has been going on for months.
These requests aren’t intentionally malicious – they issue a simple GET /, receive their 301 redirect, and terminate the connection. From what I can tell, this is some kind of appliance or software installed on mobile clients that uses “can I reach www.kernel.org” as a network test.
This wouldn’t be that big of a deal – a single plaintext “GET /“ that triggers an immediate 301 is very cheap for us to generate, but the number of these requests has been steadily growing.
If you have any idea what this is and how to make it stop, please reach out?
In conversation6 months ago from social.kernel.orgpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: www.kernel.org
  The Linux Kernel Archives

Public

Embed Notice

HTML Code

Corresponding Notice