Brutkey

jwz
@jwz@mastodon.social

Since yesterday my server has again been getting absolutely obliterated by AI scrapers. This time, though, load is below 1, but I'm getting up to 10 requests a second and all of my Apache workers are in state "R". "apachectl restart" fixes it... for a while.

What levers do I have to pull on this? E.g. maybe it would be sensible to drop connections if they stay in "R" for more than a couple seconds?

This 12 year old post suggests some sysctl.conf changes, but I have...

https://jwz.org/b/yk0T

jwz
@jwz@mastodon.social

Today my server is getting slammed by a very wide botnet that is really interested in such hits as

/var/www/jwz/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd/emacs-timeline.html

Not an AI training bot! How quaint! How retro!

It seems to be associated with something called "bxss dot me" and to them I would like to sincerely say, I hate you please die.