On 04/07/2025 11:04, David Bold wrote:
Emmanuel Seyman wrote:
This has been a problem for most of 2025 with few solutions in sight:
https://lwn.net/Articles/1008897/
Emmanuel
From the article, it seems like it should be possible to identify the IPs
after the attack.
If several sites analyze their traffic and share the list, it should be
possible to put them on a black list, that could be shared.
Such requests could either be just dropped, or possibly better, redirected to a
page explaining that the IP is part of a bot net, so that the issue can get
fixed.
Should be yes, but then your service is already unreachable and you put
an extra work burden on the administrators of the servers. And in this
cat and mouse games the AI companies will win because they can easily
automate spinning up a server with a new IPv4 address.
An additional issue with this solution is that some of these scrapers
are so malicious that they manage to use residential IP addresses for
their scraping purposes. In Arch Linux we noticed a ton of residential
ip addresses from Brazil being used for scraping for example. So there
is a chance you are going to block legitimate traffic.
Possible explanation of the residential ips can be found in Jan's blog
article. [1]
[1] https://jan.wildeboer.net/2025/04/Web-is-Broken-Botnet-Part-2/
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
