this post was submitted on 20 Mar 2025
503 points (99.6% liked)

Technology

67050 readers
6380 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
503
FOSS infrastructure is under attack by AI companies (thelibre.news)
submitted 2 days ago by simple@lemm.ee to c/technology@lemmy.world
72 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Buelldozer@lemmy.today 46 points 1 day ago (3 children)

I too read Drew DeVault's article the other day and I'm still wondering how the hell these companies have access to "tens of thousands" of unique IP addresses. Seriously, how the hell do they have access to so many IP addresses that SysAdmins are resorting to banning entire countries to make it stop?

[–] festus@lemmy.ca 7 points 1 day ago (1 children)

There are residential IP providers that provide services to scrapers, etc. that involves them having thousands of IPs available from the same IP ranges as real users. They route traffic through these IPs via malware, hacked routers, "free" VPN clients, etc. If you block the IP range for one of these addresses you'll also block real users.

[–] Buelldozer@lemmy.today 3 points 1 day ago (1 children)

There are residential IP providers that provide services to scrapers, etc. that involves them having thousands of IPs available from the same IP ranges as real users.

Now that makes sense. I hadn't considered rogue ISPs.

[–] festus@lemmy.ca 2 points 1 day ago

It's not even necessarily the ISPs that are doing it. In many cases they don't like this because their users start getting blocked on websites; it's bad actors piggy-packing on legitimate users connections without those users' knowledge.

[–] werefreeatlast@lemmy.world 10 points 1 day ago (1 children)

If you get something like 156.67.234.6, then 7, then 56 etc just block 156.67.0.0/24

[–] Buelldozer@lemmy.today 2 points 1 day ago

Sure, network blocking like this has been a thing for decades but it still requires ongoing manual intervention which is what these SysAdmins are complaining about.

[–] GreenKnight23@lemmy.world 7 points 1 day ago (1 children)

fail2ban will always get you better results than banning countries because VPNs are a thing.

that said, I automatically ban any IP that comes from outside the US because there's literally no reason for anyone outside the US to make requests to my infra. I still use smart IP filtering though.

also, use a WAF on a NAT to expose your apps.

[–] Buelldozer@lemmy.today 0 points 1 day ago

fail2ban

I'm familiar with f2b. I even have several clients licensed with the commercial version but it doesn't fit this use case as there's no logon failure for it to work with.

I automatically ban any IP that comes from outside the US because there’s literally no reason for anyone outside the US to make requests to my infra.

I have systems setup with geo-blocking but it's of limited use due to the prevalence of VPNs.

also, use a WAF on a NAT to expose your apps.

This isn't a solution either because a WAF has no way to know what traffic is bad so it doesn't know what to block.