[ale] ufw help

Jim Kinney jim.kinney at gmail.com
Sun Apr 5 18:32:31 EDT 2026 

Ha! Don't block 'em. Set up a forwarding proxy with a "permanently moved"
and send them all back to facebook addresses. 🖕

-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


*http://heretothereideas.blogspot.com/
<http://heretothereideas.blogspot.com/>*

On Sun, Apr 5, 2026, 2:52 PM lollipopman691 via Ale <ale at ale.org> wrote:

> In recent days facebook's crawlers ( or someone impersonating them) have
> been hammering my website hard enough to bring it to its knees.
> The hits all seem to originate from addresses in 57.141.0.0/32, which
> iplocation.net puts in Ashburn,VA and owned by facebook//meta.
>
> Here's an example of a hit from /var/log/apache2/other_vhosts_access.log:
>
> tomshiro.org:443 57.141.0.50 - - [05/Apr/2026:14:26:23 -0400] "GET
> /foswiki/bin/edit/System/WebSearch?t=1775413530 HTTP/1.1" 504 2571 "-"
> "meta-webindexer/1.1 (+
> https://developers.facebook.com/docs/sharing/webmasters/crawler)"
>
> I am getting a *massive* number of these. My (crude) weblog analyzer lists
> 9515 of them between midnight and 2 pm, many of them in bursts less than a
> second apart.
>
> So I have attempted to ban that ip address through ufw, using the command
> "ufw deny from 57.141.0.0/32" .  Here's the output from "ufw status
> numbered:
>
> Status: active
>
>      To                         Action      From
>      --                         ------      ----
> [ 1] 25/tcp                     ALLOW IN    Anywhere
> [ 2] 22/tcp                     ALLOW IN    Anywhere
> [ 3] Anywhere                   DENY IN     146.174.0.0/16
> [ 4] Anywhere                   DENY IN     185.171.0.0/16
> [ 5] Anywhere                   DENY IN     20.171.207.109
> [ 6] Anywhere                   DENY IN     202.76.0.0/16
> [ 7] Anywhere                   DENY IN     212.52.0.0/16
> [ 8] Anywhere                   DENY IN     216.73.216.125
> [ 9] Anywhere                   DENY IN     47.238.0.0/16
> [10] Anywhere                   DENY IN     47.239.0.0/16
> [11] Anywhere                   DENY IN     47.242.0.0/16
> [12] Anywhere                   DENY IN     47.243.0.0/16
> [13] Anywhere                   DENY IN     47.76.0.0/16
> [14] Anywhere                   DENY IN     8.210.0.0/16
> [15] Anywhere                   DENY IN     8.218.0.0/16
> [16] Anywhere                   DENY IN     45.206.0.0
> [17] Anywhere                   DENY IN     47.128.0.0
> [18] Anywhere                   DENY IN     57.141.0.0
> [19] 80 (v6)                    ALLOW IN    Anywhere (v6)
> [20] 443 (v6)                   ALLOW IN    Anywhere (v6)
> [21] 25/tcp (v6)                ALLOW IN    Anywhere (v6)
> [22] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
>
>
>
> You can see the ban rule in line 18, above.
>
> Theoretically this should stop these hits, yes? Or should I be saying "ufw
> deny from 57.141.0.0/16" ?
>
> This is on a pretty much stock Debian 12 server running on aws ec2, FWIW.
>
> -- CHS
>
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20260405/d2577719/attachment.htm>

More information about the Ale mailing list