If you're seeing lots of 404's for urls starting with /announce?info_hash= and Bittorrent useragents on your website with dedicated IP, you're probably a victim of DNS poisoning by the Great Firewall of China. I'd like to discuss what to do about this. Since this year, I'm seeing lots of Bittorrent traffic on my biggest website, that shouldn't be there, as my site has nothing to do with Bittorrent. Visitors seem exclusively from China. At first, I saw lots of 404's. After I started filtering out traffic with a HOST header not for my website, I found that all this traffic was not for my site at all. It's mostly subdomains from:
- tracker.thepiratebay.org - This is the vast majority
- avast.com
- cloudfront.net
- edgecastcdn.net
- facebook.com
- deviantart.com
- flickr.com
- dropbox.com
- twitter.com
Some have checked Chinese DNS servers for these domains, and found that they return a different IP address every time. The consensus seems to be, that Chinese DNS servers are manipulated to return random IP addresses, for domains that Chinese censorship wants to block. DNS poisoning in the service of the Great Firewall of China.
You don't want to be at the receiving end of this, as it's a kind of DDoS attack. Very unethical.
So, what to do about it?
What I did, is responding with a HTTP Status 400 to any request that doesn't have a HOST header for my website. It reduces the load for my site, as it doesn't need to waste resources on my user friendly 404 page.
400 Bad Request seems the most appropriate, as this is basically a client side error.
In the main .htaccess file I have:
ErrorDocument 400 /400.shtml
RewriteEngine On
RewriteCond %{HTTP_HOST} !^((www|subdomain)\.)?example\.com [NC]
RewriteRule ^(.*)$ - [L,R=400]
The file 400.shtml contains a short error message.
Any other ideas?
