Recent searches
Search options
Some of these bots are clearly running on a bunch of machines on the same net. I have been able to reduce the traffic significantly by treating everything as a class-C net and doing subnet-level throttling. That and simply blocking a couple of them.
But that leaves a lot of traffic with an interesting characteristic: there are millions of obvious bot hits (following a pattern through the site, for example) that all come from a different IP. An access log with 9M lines as over 1M IP addresses, and few of them appear more than about three times.
So these things are running on widely distributed botnets, likely on compromised computers, and they are doing their best to evade any sort of recognition or throttling. I don't think that any sort of throttling or database of known-bot IPs is going to help here...not quite sure what to do about it.
What a world we have made for ourselves...
@corbet IP based blocks have been useless for decades. Block behaviors. Most bots cost money to run via bot net rental fees.
@monsieuricon @corbet so you know the behavior and the pattern. Construct countermeasures. I'm honestly astounded to see guys close to the kernel unable to do this. Think like your opponent. Find his weak spots. Nothing has changed since Sun Tzu made his observations. All bots have weak spots.
@smxi That is an unhelpful reply that undermines the target of the attack. Please try to build up rather than tear down and avoid blaming victims.
@DanielRThomas lol, this is just a troll providing mindless platitudes because the ideas sound pretty in their head, although could be LLM-generated, but they are literal pipe-dreams and spending time thinking about them is ultimately a waste of good effort. I laughed and blocked.