Good morning everyone. Just a quick heads up that I've banned a good chunk of IP space in China due to abusive traffic.
I've tried to restrict this where possible to datacenter blocks from Huawei, Tencent, and Alibaba, but China Telecom / Mobile were also heavy sources of suspicious traffic. I doubt we have many (if any) users in China, but if you are affected please let me know.
This has been ongoing for a while and I ignored it initially since the traffic levels were low, but it wasn't anymore.
The ban has very visibly cut our traffic levels:
Haven't done ops in a while, is there any good automated system that can block IPs on individual basis based on activity patterns? E.g. trying to login with the wrong SSH password too many times, but relevant to our use case?
Cloudflare tries, but bots do a pretty good job looking like regular users these days. There's some more advanced "AI" solutions that learn based on existing traffic patterns, but I've been out of that space for a while so not sure what the latest tech is.
I could imagine that some specialized models could actually be useful for this use case. Perhaps even OSS.
Fighting with bots is pretty hard. LWN has an article sharing their methods https://lwn.net/Articles/1008897/