There have been some intermittent issues with this site for the last few days because some shitheel has been hammering the server that hosts web-facing things for me with automated script-kiddie bullshit that my existing hardening didn’t automatically catch.
Roughly 10GB of it in the last week.
With user agents set to around 500,000 different Chrome versions.
I noticed because the (small) box has been OOM killing processes any time the stats tools look at the logs of this behavior.
Most of it came from one address (in the AliCloud IP allocation, as always. I’ll continue to half-pretend it’s just a compromised VM) so I cleaned up the worst of it by adding an nftables rule to drop anything from that saddr, and did a little filtering of the logs to fix the OOM situation.
I’ve also turned on some rate-limiting features in nginx, and rigged fail2ban to block repeated violators of the rate limit, so hopefully things are more permanently taken care of.
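
The pattern described above, one source address sending a different Chrome user agent on nearly every request, can be picked out of an access log in a single streaming pass with bounded memory. The script below is an added example, not code from the original post; it assumes nginx's default "combined" log format, and the thresholds, the per-address cap and the sample lines (documentation-range addresses) are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
UA_CAP = 1000  # assumed cap: stop storing new user agents per address past this


def summarize(lines):
    """Stream log lines and return {addr: {"requests", "bytes", "uas"}}."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "uas": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing mid-log
        s = stats[m["addr"]]
        s["requests"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
        if len(s["uas"]) < UA_CAP:  # bounded, so 500,000 distinct UAs cannot exhaust RAM
            s["uas"].add(m["ua"])
    return stats


def suspects(stats, min_requests=5, min_ua_ratio=0.8):
    """Addresses where almost every request carried a different user agent."""
    out = []
    for addr, s in stats.items():
        seen = min(s["requests"], UA_CAP)  # compare against what the cap let us store
        if s["requests"] >= min_requests and len(s["uas"]) / seen >= min_ua_ratio:
            out.append((addr, s["requests"], s["bytes"], len(s["uas"])))
    return sorted(out, key=lambda row: row[2], reverse=True)  # heaviest sender first


# Constructed sample: one address rotating Chrome versions, one ordinary client.
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:00:00:0{i} +0000] "GET / HTTP/1.1" 200 1000 '
    f'"-" "Mozilla/5.0 Chrome/{100 + i}.0.0.0"' for i in range(6)
] + [
    f'198.51.100.4 - - [01/Jan/2024:00:01:0{i} +0000] "GET /feed HTTP/1.1" 200 500 '
    '"-" "Mozilla/5.0 Firefox/120.0"' for i in range(6)
] + ["not a log line"]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for addr, reqs, nbytes, uas in suspects(summarize(source)):
        print(f"{addr}\trequests={reqs}\tbytes={nbytes}\tdistinct_uas={uas}")
```

Piping a real access log into the script on stdin reads it line by line instead of loading the whole file.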