[Icecast] OT: ban listeners

Albert Santoni albert.santoni at oscillicious.com
Mon Feb 14 04:12:39 UTC 2022 

Hi Daniel,

Just chiming in with some intel - At Radio Mast <https://www.radiomast.io/>,
although we are running RSAS
<http://rocketbroadcaster.com/streaming-audio-server/> as an alternative to
Icecast, we have also observed this "axios" bot activity across our
streaming network. The axios user-agent corresponds to an HTTP client
library for Javascript/NodeJS of the same name. We have observed that the
bot is both enumerating streams (a spider) and downloading the actual
content of streams. It normally seems to listen for about 5 minutes. In
some cases, we have observed the bot listen for up to 15 hours. We're
unsure about who runs the bot or if this behaviour is intended. I think it
is likely to belong to some online radio directory, but this is just
speculation. The bot runs on Google Cloud Platform, based on the IP
addresses we're seeing it from.

Bot authors: If you're reading this, please set a unique user-agent that is
googleable so we can find out who you are (and so we can report bugs in
your bot), otherwise you'll likely be banned.

Thanks,
Albert

On Sun, Feb 13, 2022 at 5:44 PM Damian <db76 at riseup.net> wrote:

> Hi,
>
> Thanks for posting. I've recently been trying to deal with the same issue
> where I get multiple user agents with the name 'axios' and 'unknown'
> connecting multiple times across the two seperate streams that I run.
> Through my research, I have not been able to clearly determine whether
> axios is indeed a bot. How were you able to confirm this? Anyway, I managed
> to keep these at by bay by blocking these “bad bots" in my apache settings
> (as my icecast is on the same server as my website, behind the apache
> server to be clear). But would you mind sharing you fail2ban filter and
> jail.local setting for this particular purpose? I’d love to take a look at
> how you achieved this.
>
> db
>
> > On 14 Feb 2022, at 1:49 am, unosonic <un at aporee.org> wrote:
> >
> >
> > hi,
> >
> > maybe slighly OT, but I've suffered from quite many bots or whatever
> > "listeners" staying connected to my server (2.4.4, Debian) permanently,
> > consuming a lot of bandwidth. Most of them coming from the Google cloud,
> > /w user agent "axios 0.21.4", among some others. I've created a simple
> > fail2ban config which bans them for a day on connect. Seems to work...
> > In case someone has similar problems, let me know.
> >
> > u.
> >
> >
> > _______________________________________________
> > Icecast mailing list
> > Icecast at xiph.org
> > http://lists.xiph.org/mailman/listinfo/icecast
>
> _______________________________________________
> Icecast mailing list
> Icecast at xiph.org
> http://lists.xiph.org/mailman/listinfo/icecast
>


-- 
Albert Santoni
Founder, Radio Mast | Oscillicious
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xiph.org/pipermail/icecast/attachments/20220213/751804e8/attachment.htm>

More information about the Icecast mailing list