Hi, Thanks for posting. I've recently been trying to deal with the same issue where I get multiple user agents with the name 'axios' and 'unknown' connecting multiple times across the two seperate streams that I run. Through my research, I have not been able to clearly determine whether axios is indeed a bot. How were you able to confirm this? Anyway, I managed to keep these at by bay by blocking these ?bad bots" in my apache settings (as my icecast is on the same server as my website, behind the apache server to be clear). But would you mind sharing you fail2ban filter and jail.local setting for this particular purpose? I?d love to take a look at how you achieved this. db> On 14 Feb 2022, at 1:49 am, unosonic <un at aporee.org> wrote: > > > hi, > > maybe slighly OT, but I've suffered from quite many bots or whatever > "listeners" staying connected to my server (2.4.4, Debian) permanently, > consuming a lot of bandwidth. Most of them coming from the Google cloud, > /w user agent "axios 0.21.4", among some others. I've created a simple > fail2ban config which bans them for a day on connect. Seems to work... > In case someone has similar problems, let me know. > > u. > > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast
Hi Daniel, Just chiming in with some intel - At Radio Mast <https://www.radiomast.io/>, although we are running RSAS <http://rocketbroadcaster.com/streaming-audio-server/> as an alternative to Icecast, we have also observed this "axios" bot activity across our streaming network. The axios user-agent corresponds to an HTTP client library for Javascript/NodeJS of the same name. We have observed that the bot is both enumerating streams (a spider) and downloading the actual content of streams. It normally seems to listen for about 5 minutes. In some cases, we have observed the bot listen for up to 15 hours. We're unsure about who runs the bot or if this behaviour is intended. I think it is likely to belong to some online radio directory, but this is just speculation. The bot runs on Google Cloud Platform, based on the IP addresses we're seeing it from. Bot authors: If you're reading this, please set a unique user-agent that is googleable so we can find out who you are (and so we can report bugs in your bot), otherwise you'll likely be banned. Thanks, Albert On Sun, Feb 13, 2022 at 5:44 PM Damian <db76 at riseup.net> wrote:> Hi, > > Thanks for posting. I've recently been trying to deal with the same issue > where I get multiple user agents with the name 'axios' and 'unknown' > connecting multiple times across the two seperate streams that I run. > Through my research, I have not been able to clearly determine whether > axios is indeed a bot. How were you able to confirm this? Anyway, I managed > to keep these at by bay by blocking these ?bad bots" in my apache settings > (as my icecast is on the same server as my website, behind the apache > server to be clear). But would you mind sharing you fail2ban filter and > jail.local setting for this particular purpose? I?d love to take a look at > how you achieved this. > > db > > > On 14 Feb 2022, at 1:49 am, unosonic <un at aporee.org> wrote: > > > > > > hi, > > > > maybe slighly OT, but I've suffered from quite many bots or whatever > > "listeners" staying connected to my server (2.4.4, Debian) permanently, > > consuming a lot of bandwidth. Most of them coming from the Google cloud, > > /w user agent "axios 0.21.4", among some others. I've created a simple > > fail2ban config which bans them for a day on connect. Seems to work... > > In case someone has similar problems, let me know. > > > > u. > > > > > > _______________________________________________ > > Icecast mailing list > > Icecast at xiph.org > > http://lists.xiph.org/mailman/listinfo/icecast > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast >-- Albert Santoni Founder, Radio Mast | Oscillicious -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220213/751804e8/attachment.htm>
I have been too optimistic it seems... I've observerd that some log entries in the icecast access log only get written when a client disconnects, not when it connects. Is this normal behaviour? anyway this of course prevents a fail2ban to recognize new listeners, since it simply scans the log for some pattern (axios etc.) within a given time range. Now playing with longer rages... will report. maybe this axios we see is sort of a song content id scanner? ... u. Damian:> Through my research, I have not been able to clearly determine whether axios is indeed a bot. How were you able to confirm this? Anyway, I managed to keep these at by bay by blocking these ?bad bots" in my apache settings (as my icecast is on the same server as my website, behind the apache server to be clear). But would you mind sharing you fail2ban filter and jail.local setting for this particular purpose? I?d love to take a look at how you achieved this. > > db > > > On 14 Feb 2022, at 1:49 am, unosonic <un at aporee.org> wrote: > > > > > > hi, > > > > maybe slighly OT, but I've suffered from quite many bots or whatever > > "listeners" staying connected to my server (2.4.4, Debian) permanently, > > consuming a lot of bandwidth. Most of them coming from the Google cloud, > > /w user agent "axios 0.21.4", among some others. I've created a simple > > fail2ban config which bans them for a day on connect. Seems to work... > > In case someone has similar problems, let me know. > > > > u. > > > > > > _______________________________________________ > > Icecast mailing list > > Icecast at xiph.org > > http://lists.xiph.org/mailman/listinfo/icecast > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast