Getting slammed by a client
Sean Conner
sean at conman.org
Sat Jul 25 02:26:35 BST 2020
It was thus said that the Great colecmac at protonmail.com once stated:
> Same here, over 1494 requests since Jul 23 17:22:40. It ended
> at Jul 24 19:41:05 for me. That's in EST timezone.

You probably didn't have a large site. Now that I have added 20 years of
blog entries, it only stopped when I finally blocked it at the firewall
about fifteen minutes ago. 230K packets (12M of network traffic) blocked,
and it shows no sign of letting up, which tells me it's not being monitored.

> Thanks for bringing this to my/our attention, I wasn't aware of it until now.
> Do you have some monitoring system in place? How did you find out?

It's rather unorthodox, but I forward my server logs to my home server
(not just Gemini, anything that's logged via syslog()). There, I have a
program that displays the logs in real time and color coded [1][2]. I'm not
*always* watching it, but enough to catch stuff like this.

Ooh, it's still going, 400k packets, 21M bytes.

-spc

[1] I have two systems running, each with their own display. I run the
    program on both, leaving the window open. I use said windows as a
    type of "screen saver", but it's also useful to see what's going on
    with both my public server and home systems (ah, six different IP
    addresses tried to log in via SSH---they'll be blocked soon enough).

[2] The custom syslog system I have is here:

    https://github.com/spc476/syslogintr

    The actual program is

    https://github.com/spc476/syslogintr/blob/master/realtime.lua
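
An added example, not part of the original post and not taken from syslogintr: a per-client flood check over forwarded syslog lines, the automated counterpart of watching the log stream by eye. The `remote=... request=...` message body, the limit of 30 requests per minute, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RFC 3164 style header; the "remote=... request=..." body is an assumed format.
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) \S+ [^:\[\s]+(?:\[\d+\])?: "
    r"remote=(?P<remote>\S+) request=(?P<req>\S+)"
)

def parse(line, year=2020):
    """Return (timestamp, remote, request), or None for non-request lines."""
    m = LINE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year, so the caller supplies one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["remote"], m["req"]

def find_floods(lines, limit=30, window=timedelta(minutes=1)):
    """Map each client that exceeded `limit` requests per window to its peak count."""
    recent = defaultdict(deque)   # remote -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # e.g. sshd or kernel messages in the same stream
        ts, remote, _ = rec
        q = recent[remote]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that aged out of the window
        if len(q) > limit:
            peaks[remote] = max(peaks.get(remote, 0), len(q))
    return peaks

def sample_lines():
    """Constructed input: one client at 1 request/second, one occasional reader."""
    start = datetime(2020, 7, 23, 17, 22, 40)
    def line(offset, remote, path):
        t = start + timedelta(seconds=offset)
        return f"Jul 23 {t:%H:%M:%S} web gemini[812]: remote={remote} request=gemini://example.org/{path}"
    crawler = [line(i, "192.0.2.10", f"blog/{i}") for i in range(120)]
    reader = [line(60 * i, "198.51.100.7", "") for i in range(3)]
    noise = ["Jul 23 17:23:01 web sshd[99]: Failed password for root from 203.0.113.5"]
    return crawler + reader + noise

if __name__ == "__main__":
    for remote, peak in find_floods(sample_lines()).items():
        print(f"{remote}: {peak} requests inside one minute")
```

Each client's lines must arrive in time order, which holds for a live syslog stream; the flagged addresses are candidates for a firewall block or a rate limit, not an automatic verdict.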