search

jpatokal / openflights

Website for storing flight information, rendering paths on a zoomable world map and calculating statistics, with plenty of free airline, airport and route data.
http://openflights.org
GNU Affero General Public License v3.0
1.37k stars 387 forks source link

Cathay Pacific Flight Load (com.cathaypacific.iJourneyLite) abusing apsearch API #1447

Open jpatokal opened 8 months ago

jpatokal commented 8 months ago

The server logs are recently full of this:

172.71.215.49 - - [19/Oct/2023:08:31:01 +0000] "POST /php/apsearch.php HTTP/1.1" 500 5 "-" "Flight Load/2.5.16 (com.cathaypacific.iJourneyLite; build:2.5.16; iOS 16.3.1) Alamofire/4.9.0"

Based on the one hit I could find on the Internet, this seems to be a Cathay Pacific internal flight planning app: image

We could implement referer filtering or something, but I'd like to talk to them first, so any contact points for Cathay Pacific would be appreciated: the mentioned ijourneylite@cathaypacific.com bounces at least for external senders.

reedy commented 8 months ago

I suspect in most cases, just blocking them with a "please contact us" type thing will be the best way to get in contact, unless you can find a "useful" IT contact somewhere online. Trying via Social Media or similar public channels (email, call centre etc) will likely not get anywhere.

The other options are potentially using their abuse address from their WHOIS as their "tech contact"; cx_network@cathaypacific.com.

I do wonder how maintained the app may be. https://github.com/Alamofire/Alamofire/tree/4.9.0 is from September 2019...

jpatokal commented 7 months ago

No luck reaching out, so I've blocked them. Cathay, if you read this, you know where to reach me.