On 04/07/2025 11:04, David Bold wrote:
Emmanuel Seyman wrote:
This has been a problem for most of 2025 with few solutions in sight:
https://lwn.net/Articles/1008897/
Emmanuel
From the article, it seems like it should be possible to identify the IPs after the attack.
If several sites analyze their traffic and share the list, it should be possible to put them on a black list, that could be shared.
Such requests could either be just dropped, or possibly better, redirected to a page explaining that the IP is part of a bot net, so that the issue can get fixed.
Should be yes, but then your service is already unreachable and you put
an extra work burden on the administrators of the servers. And in this
cat and mouse games the AI companies will win because they can easily
automate spinning up a server with a new IPv4 address.
An additional issue with this solution is that some of these scrapers
are so malicious that they manage to use residential IP addresses for
their scraping purposes. In Arch Linux we noticed a ton of residential
ip addresses from Brazil being used for scraping for example. So there
is a chance you are going to block legitimate traffic.
Possible explanation of the residential ips can be found in Jan's blog
article. [1]
[1] https://jan.wildeboer.net/2025/04/Web-is-Broken-Botnet-Part-2/
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
