[musicale]

Rate limiting individual addresses seems like a possibly useful, if not perfect, idea since it forces the bots to spread out over more addresses. It does penalize humans behind NAT however.

[jrochkind1]

I have indeed tries lots of things that seemed possibly useful! Rate limiting by IP (or by CIDR subnet of various sizes) was not enough for me. The bots spread out to more addreseses and still overwhelmed my resources.

[musicale]

Interesting that they could instantly increase the IP range by 100x or something, especially for IPv4 addresses.

I guess that implies deep pockets and/or a malicious botnet.

[jrochkind1]

It is interesting, agreed! Yep, same thoughts.