[tex-live] www.tug.org unreachable

Karl Berry karl at freefriends.org
Tue Dec 19 23:29:08 CET 2017

[We are way off-topic here, but adding one more msg to the pile ...]

Hi Werner,

    all of the suggested solutions were flawed more or less, 

No: blacklisting was suggested early. But no one besides me had the
crucial information that tug.org was indeed blacklisting a few
addresses, and all the other intervening messages happened before I even
saw the discussion. Unfortunately I did not think of this the first time
Denis raised his issue, a week or two ago.

The traceroutes were consistent with blacklisting -- from Denis's host
it got to the last router before tug and then * * *'d, whereas from
other hosts it got past that to tug. That was the most definitive
information.  There's no way to prove blacklisting without access to the
host, as Zdenek said.

FWIW, I have seen all of the other suggested culprits cause
trouble in other situations, from packet fragmentation onward.

I have the idea that fail2ban could be used nowadays to detect
problematic spiders; that would be much preferable to my hardcoded
iptables-level blacklist, since it would expire after a while and give
the IP another chance to behave itself. But the last time I looked at
the various fail2ban filters in this area, none seemed like what I
really wanted -- they wanted heavyweight databases (no thanks), or
depended on third-party blacklists (no thanks), or had other issues, and
I couldn't quite get to hacking one myself. If anyone has any
recommendations in this regard, I'd like to hear them (but probably best
to write me off-list, as this has nothing to do with TeX Live).


More information about the tex-live mailing list