I looked at this again and found that the two notes requested very often from my #microblogpub are those that I 'pinned' that can be found at /featured.
The rest are paths pointing to information about this side. Maybe it has been some kind of #fedibot?
Here's a #fail2ban config that helped me blocking the IPs:
# cat /etc/fail2ban/filter.d/manual.conf [Definition]
# cat /etc/fail2ban/jail.d/manual.conf [manual] enabled = true bantime = 14d
This seems to lead to a jail which isn't connected to a logfile and for which manually added IPs stay blocked for 14 days.
To block IPs I used fail2ban-client -vvv set manual banip $IP which leads to
# fail2ban-client status manual basic Status for the jail: manual |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list: `- Actions |- Currently banned: 4 |- Total banned: 4 `- Banned IP list: 34.229.130.24 44.206.236.255 54.164.161.50 3.238.157.198
fail2ban is integrated into my #yunohost and even though it doesn't come with the greatest documentation I'm starting to love it.
If you can read this you're not affected by the following
…
This #microblogpub had some load recently and I looked into it. I looked through the logs and counted the connections from each IP. These are the IPs with the highest volume:
The last for look suspicious. I looked at the kind of request that added up to those comparative high numbers:
All quite common, but one of the highest counts gets one note. All of these accesses from four IPs only within less than a day.
The article that seems to be so interesting is about @midzer@chaos.socials work for flohmarkt and the fact that he can be sponsored via #github.
The four IPs are all at Amazon:
I blocked the four IPs to get the load back down to a value below 1.
If you can't read this or you'd have a clue why those IPs constantly access those few URLs - please let me know!