[freehunter]

And being blocked by basically everything in existence. I installed a desktop on Linode and Google blocked me from even their search product. Many other sites had blocks set up or at least CAPTCHAs. If you have browsing activity coming from a datacenter, everyone assumes it's a bot. Geo IP gets messed up too. Really hard to get any work done like that.

[retroafroman]

That's strange. Maybe they do that for the big providers, but I've run roughly 80% of my browsing activity through a SOCKS proxy on a VPS running in multiple different datacenters and never really had a problem that I noticed. I usually get my VPSs from little guys so maybe that's why they're not on a blacklist.

[walterbell]

Does this blocking also apply to VPNs which are likely routing through data centers? One would think that most botnets are running on compromised consumer networks.

[stephengillie]

Botnets must leverage their infected host's internet connection. Almost all anti-bot tools use IP/rate metrics to identify the classic DOS: a large number of connections from a few IPs.

To get around Threatstop, Distil, and other solutions, we see attackers having to use 100+ different source IPs during their coordinated attacks.

[walterbell]

Low-traffic botnets could be clicking on ads, simulating normal usage patterns.