LWN sluggish due to DDoS onslaughts from AI-scraper bots(kernel.org) Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site. This is beyond unsustainable.
Should you be wondering why LWN is occasionally sluggish(kernel.org) Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots has picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.This is beyond unsustainable.
Law enforcement takes down 'DDoS-for-Hire' sites in Operation PowerOFF(scworld.com) The hackers got more time off this Christmas as a present from law enforcement: Europol this week coordinated a takedown with 15 countries worldwide that seized 27 of the most popular distributed-denial-of-service (DDoS) platforms and took them offline.
Ask HN: Is it possible to avoid Bandwidth DDoS attacks without Cloudflare?(ycombinator.com) Hi. If I implement IP-based rate-limiting in my web application hosted on a VPS, it can help in preventing over-usage of paid API etc. But what if someone tries to exhaust the bandwidth that the VPS host allocates to my box, by simply making HTTP requests en masse? Even if I return 429 for all of them, my bandwidth is still gone, right? Is there any solution for this apart from seeking protection of Cloudflare and the like?