For the last few weeks, my web server (hosting PyCS, the Topic Exchange, and all that) has been spending much of its time more or less comatose. I haven't been able to figure out why, until today when I did a
lsof | grep TCP and saw that almost all of the connections to port 80 were from clients of alestra.com.mx, requesting the PyCS comments page ... argh ...
So now I've configured it to deny all requests from .alestra.com.mx. My apologies to any legitimate visitors from alestra.com.mx PyCS might have, but the server was suffering too much from the huge volume of comments page requests from the spammer living somewhere near you.
Fingers crossed - let's see if the site comes back to life now. You'll know real soon...
Update: Looks like I needed to go a bit lower-level. The connections from Mexico were still coming up and TRYING to do something, and still hanging Apache. So now:
iptables -A INPUT -p tcp --source 188.8.131.52 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 184.108.40.206 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 220.127.116.11 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 18.104.22.168 --dport 80 -j DROP
Update 2: OK, now they're on a different IP address.
iptables -F INPUT
iptables -A INPUT -p tcp --source 22.214.171.124/24 --dport 80 -j DROP
iptables -A INPUT -p tcp --source 126.96.36.199/24 --dport 80 -j DROP