Fark me π€¦ββοΈ I woke up quite late today (after a long night helping/assisting with a Mainframe migration last night fork work) to abusive traffic and my alerts going off. The impact? My pod (twtxt.net) was being hammered by something at a request rate of 30 req/s (there are global rate limits in place, but stillβ¦). The culprit? Turned out to be a particular IP 43.134.51.191 and after looking into who own s that IP I discovered it was yet-another-bad-customer-or-whatever from Tencent, so that entire network (ASN) is now blocked from my Edge:
+# Who: Tentcent
+# Why: Bad Bots
+132203
Total damage?
$ caddy-log-formatter twtxt.net.log | cut -f 1 -d ' ' | sort | uniq -c | sort -r -n -k 1 | head -n 5
61371 43.134.51.191
402 159.196.9.199
121 45.77.238.240
8 106.200.1.116
6 104.250.53.138
61k reqs over an hour or so (before I noticed), bunch of CPU time burned, and useless waste of my fucking time.