by nemothekid 10 days ago
One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert, you are immediately blasted with AI crawlers.

I put a project online - it was online for a month, and the second I added an SSL cert it went from 0 traffic to 1000 requests/min.


> One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert

I've been thinking of using wildcard certs for Caddy in regard to this.

And then what? Serve your app under some obscure, customer-unfriendly subdomain?
Even if you use a common subdomain, anecdotally I get orders of magnitude less bot traffic than not using a wildcard cert.
Make a new certificate, let crawlers blast you and add those IPs to a block list.
These old network security techniques don't really work anymore. The common bots are on known IP ranges; the problem bots are all on datacenter and residential proxies.
Why would blocking those be a problem?
Because you are blocking all of Comcast, Verizon, T-Mobile, British Telecom, ....

In the end you have blocked every network with human visitors and only datacenter IPs can access your site.

The proxies rotate IP every day, so you either have ineffective blocking or you block the whole network.

My site is not for Americans, so I don't care about blocking American ISPs.
You think they only use American networks?
There are 150M+ of them, and you'll be taking out a lot of human users with it.

Modern blocking is behaviour/heuristic based.
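
An added example, not from the thread or any commenter, of the contrast the replies above draw between per-IP blocking and behaviour-based heuristics. It runs both over a constructed access log in which the scraper arrives from a fresh proxy IP on every request; the thresholds, the User-Agent grouping and the "never loads static assets" heuristic are illustrative assumptions, not a recommended production rule set.

```python
import re
from collections import defaultdict

# Constructed sample log (CLF-style, referrer omitted): one browser session from a
# single IP, plus a scraper that fetches only HTML pages and arrives from a fresh
# proxy IP on every request, the rotation pattern described in the thread.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
SCRAPER_UA = "python-requests/2.31.0"
SAMPLE_LOG = "\n".join(
    [f'203.0.113.10 - - [10/Mar/2025:12:00:0{i} +0000] "GET {p} HTTP/1.1" 200 512 "{BROWSER_UA}"'
     for i, p in enumerate(["/", "/static/app.css", "/static/logo.png", "/about"])]
    + [f'198.51.100.{i} - - [10/Mar/2025:12:00:1{i} +0000] "GET /post/{i} HTTP/1.1" 200 512 "{SCRAPER_UA}"'
       for i in range(9)]
)

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<ua>[^"]*)"$')
STATIC_RE = re.compile(r"\.(css|js|png|jpg|gif|ico|svg|woff2?)$")


def parse_log(text):
    """Parse CLF-style lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def ip_blocklist(entries, threshold=5):
    """Classic approach: block every IP that sent at least `threshold` requests."""
    hits = defaultdict(int)
    for e in entries:
        hits[e["ip"]] += 1
    return {ip for ip, n in hits.items() if n >= threshold}


def behaviour_flags(entries, threshold=5):
    """Heuristic approach: group by User-Agent rather than IP and flag clients that
    make many page requests but never load the static assets a browser would.
    Returns {ua: (request_count, distinct_ips)} for the flagged groups."""
    groups = defaultdict(lambda: {"n": 0, "static": 0, "ips": set()})
    for e in entries:
        g = groups[e["ua"]]
        g["n"] += 1
        g["ips"].add(e["ip"])
        g["static"] += bool(STATIC_RE.search(e["path"]))
    return {ua: (g["n"], len(g["ips"])) for ua, g in groups.items()
            if g["n"] >= threshold and g["static"] == 0}
```

On the sample, the per-IP list stays empty because no rotating IP crosses the threshold, and lowering that threshold blocks the human visitor before it touches the scraper; the behaviour grouping flags the scraper as nine requests spread over nine IPs.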

There are 150 million bots all using residential IP addresses?
In my experience, these aren't the crawlers from legit companies, so they have infinite IPs via residential botnets/proxies.

edit: 'nikcub beat me to it by 30 seconds :)

Today AI crawlers, years ago vulnerability scanners from Russia or China.

Either way! People monitor cert registries for targets.