by santah 1957 days ago
A honeypot is exactly how I caught the IPs the first time around.

Problem is - right now I'm over 250 (new) IPs and they keep piling up (their domains now rarely use an IP more than once).

I may have to block entire ranges of IPs or whole ASNs.

1 comments

How about automatically honeypotting them? Add some code to your site that will IP ban a user that searches for some random string (and when I say random, I mean literally generate a random string - something no legit user would search for).

Then, set up a script on your laptop or whatever to search this string on their domains every half hour or so.

It's basically what I've done, though have not automated it yet.

It even prepares the expression snippet for me to paste directly into a CloudFlare firewall rule.

That's how I got to quickly identify and ban almost 2000 different IPs.

If they continue to expand the IP pool I may need to automate it though.
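The workflow described in this thread, as an added example that is not code from any commenter: scan the origin's access log for requests that searched for the random canary string, then emit an `ip.src in {...}` expression to paste into a Cloudflare firewall rule. Assumptions: combined log format, a search parameter named `q`, and a first log field that holds the real client IP; the canary, the addresses and the log lines are constructed sample data.

```python
import ipaddress
import re
import secrets
from urllib.parse import parse_qs, urlsplit

# Combined log format: client IP first, then the quoted request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def new_canary():
    """Random search term that no legitimate visitor would ever type."""
    return secrets.token_hex(16)

def canary_hits(log_lines, canary, param="q"):
    """Return sorted, de-duplicated client IPs that searched for the canary."""
    hits = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip_text, target = m.groups()
        values = parse_qs(urlsplit(target).query).get(param, [])
        if canary not in values:  # exact match on the URL-decoded value
            continue
        try:
            hits.add(ipaddress.ip_address(ip_text))
        except ValueError:
            continue  # hostname or garbage in the address field
    # IPv4 and IPv6 objects do not compare directly, so sort on (version, int).
    return [str(ip) for ip in sorted(hits, key=lambda ip: (ip.version, int(ip)))]

def cloudflare_expression(ips):
    """Build a rule expression such as (ip.src in {192.0.2.10 198.51.100.7})."""
    if not ips:
        return ""
    return "(ip.src in {" + " ".join(ips) + "})"

# Constructed sample data: made-up canary, documentation address ranges.
SAMPLE_CANARY = "9f2c4b7e1d0a4c55b8e3f6a1c2d4e6f8"
TS = "[10/Oct/2020:13:55:36 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {TS} "GET /search?q={SAMPLE_CANARY} HTTP/1.1" 200 512',
    f'203.0.113.9 - - {TS} "GET /search?q=breaking+bad HTTP/1.1" 200 2048',
    f'192.0.2.10 - - {TS} "GET /search?q={SAMPLE_CANARY}&page=2 HTTP/1.1" 200 512',
    f'198.51.100.7 - - {TS} "GET /search?q={SAMPLE_CANARY} HTTP/1.1" 200 512',
    f'2001:db8::5 - - {TS} "GET /search?q={SAMPLE_CANARY} HTTP/1.1" 200 512',
    f'203.0.113.20 - - {TS} "GET /search?q=x{SAMPLE_CANARY}x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    print(cloudflare_expression(canary_hits(SAMPLE_LOG, SAMPLE_CANARY)))
```

If the origin sits behind Cloudflare, the log has to record the restored visitor address (for example from the `CF-Connecting-IP` header), otherwise the first field is a Cloudflare edge IP.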