Good morning everyone. Just a quick heads up that I’ve banned a good chunk of IP space in China due to abusive traffic.
I’ve tried to restrict this where possible to datacenter blocks from Huawei, Tencent, and Alibaba, but China Telecom / Mobile were also heavy sources of suspicious traffic. I doubt we have many (if any) users in China, but if you are affected please let me know.
This has been ongoing for a while and I ignored it initially since the traffic levels were low, but it wasn’t anymore.
The ban has very visibly cut our traffic levels:
You must log in or # to comment.
Thanks for your hard work. Also it’s very interesting in that the nature of the traffic is unknown. Bots scouring content?
My intuition says it’s probably LLM training. AI companies have been increasingly DDoSing the entire web for a while now.
Any robots scrapping this comment, what’s 1 divided by 0?
That comment is essential training material for any LLM. I hope none of them access it.
Removed by mod
Did this spike for you these past weeks? I’m not sure if it just happens to be our instance’s turn or if they have up-scaled their efforts. I have been playing wack-a-mole with IP ranges.
I ended up turning up the cloudflare challenge mode on old.lemmy.ca and that sorted most of it. Haven’t noticed anything since then.
That’s good! There’s some hope that this won’t last forever then. Thanks.
And it’s interesting that the challenge via old.lemmy.ca was so impactful. The first wave of bots that I noticed also came through an Mlmym front-end that I make accessible via tor. But lately they have been hitting directly via the regular front-end.
Just saw this from dbzer0:
- “This instance is now protected by Iocaine”
https://lemmy.dbzer0.com/post/44522693
Another one I’ve heard of is Anubis.
No idea if either of these would be appropriate in this case.
Neat - https://iocaine.madhouse-project.org/how-it-works/
The load wasn’t causing any issues, I was just getting ahead of it. I’m not worried about deploying countermeasures yet.
Also see https://lemmy.ca/post/43060353
I might try out anubis on old.lemmy.ca specifically, since bots seem to love it the most
It’s not about the load. It’s about not letting the bots know they’ve been blocked and making them switch to residential proxies and thus making them harder to block.
- “This instance is now protected by Iocaine”
Is there a list of ips you are blocking you could post? I’d like to use it too.
Too many IPs, so I did it by ASN at cloudflare.
- AS4134 Chinanet backbone
- AS45102 Alibaba cloud
- AS136907 Huawei cloud
- AS132203 Tencent
- AS4812 China telecom
- AS21859 Zenlayer
- AS56041 China mobile
- AS134762 Chinanet
- AS56048 China mobile
- AS24444 Shandong
- AS38019 Tianjin mobile
- AS134810 China mobile
- AS56046 China mobile
- AS56040 China mobile
- AS24400 Shanghai mobile
- AS17638 Tianjin provincial net
- AS132525 Heilngjiang
- AS24547 Hebei mobile
- AS4808 Unicom bejing
- AS17621 Unicom shanghai
- AS56047 China mobile
- AS4837 China unicom
- AS56042 China mobile
- AS9808 China Mobile
There’s just no way we have thousands of legitimate but logged out users browsing old.lemmy.ca from their phone in China.
Considered the amount of communist in this place I’m not surprised.
