The botnet range of "54.36.14*.*" is generating a lot of traffic on the site. Which in turn is likely creating a lot of lag that we're experiencing right now. I think it's the same botnet from before; but they're diversifying their tactics and even continually scraping the site from tangent links.

puke: Please look into blocking that range of IPs. See for yourself in the Admin section.

Think anything you would like to do so admin/sysops have a way of creating IP based ailments/bans?

Edit: More botnetworks:

"180.76.1*.*"
"207.46.1*.*"
"141.8.1*.*"
"157.55.3*.*"
"202.46.*.*"
"178.154.*.*"
"37.9.113.*"
"17.58.96-97-98-99-100.*" (good thing this can be done bitwise)

54" 36" 149" ?!?!?! Thems sexy measurements!!

I looked into .htaccess blocking and seems it doesn't exactly support wildcards, but I added:

54.36.148
54.36.149
180.76.15

The last one was a china bot I noticed

OMG thanks b00d for figuring this pattern out!! <3
the site is loading fast again!

also I just updated the ip2country lookup table for the first time since March 2016 :shrug:

no , my dear pirate flag

here's what I've got so far since we started this thread

updated 18.06.18
Deny from 5.45.207
Deny from 54.36.148
Deny from 54.36.149
Deny from 87.250.224
Deny from 141.8.132
Deny from 141.8.142
Deny from 178.154.171
Deny from 180.76.15
Deny from 202.46.48.0/21
Deny from 202.46.56.0/23
Deny from 202.46.58.0/24
Deny from 207.46.13


Also slightly rearranged the admin page layout so the IPs are easier to see patterns.

Is there any reason an ISP would be giving a user multiple addresses using the least significant byte? There are some showing that, looking like they could be bots, but they stay on a single page and don't cause the site to slow down.

often the scenario is colocated machines or virtual machines supplied by an ISP.

site is super fast right now!

Hooray!

i know strobe is back and it's summer chip time but the site has been slow as shit the past few days. revenge of teh bots?

unfair, i've only been targetting your profile and entries, unsure if that would have any impact of the rest of the site.

I've been trying to do my best to pinpoint what IPs are causing lag on the site when it's lagging, but it's not the easiest thing to do. I don't want to accidentally block any normal users. Sometimes I'll see an ip range, but they're not changing what pages they're viewing fast enough to really look like bots. Considering we're on shared hosting, it could be another site on the same server hogging resources. Or its just my horrible code being inefficient. Or dreamhost is throttling us because they really want me to upgrade to a VPS.

don't think you need to be too concerned about a range of ips within the last octet to ban; and therange within the second to last just need discriminative CIDR bitmask.

157.55.39.*
37.9.113.*
66.249.64.*

Please add:

Deny from 46.229.168
Deny from 40.77.167

Site has been DDoS'd a couple times due to some of their traffic. They are spiderbotnets.

das crazy man
any inkling of a motive? a burned botb'r seeking revenge? gxscc users?

huawei singaporean botnet is slowing down our site from "159.138.15*.*"

b00daw out here bein' robocop, you have my approval and tax boons.

added
there's like a gazillion of them from 2010 xD

ban didn't stick... presently there are 23 of them on the site. :/

see if you can just ban 159.138.*.* dunno if many botbrs are running clients from hwawei singapore/hk cloudnet anyway.

down with singapore

82 hwawei singapore/hk bots on right now from 159.138.*.*

they accidentally ddos'd the site a few minutes ago doing their scraping.

between 10 and 20+ bots from 10.179.3.* use a high level of traffic time to time. seems they are listed as bogons in other lists as well.

Sorry I'm a GOTH, bright things scare me.