I have added fail2ban to the mix. It will take the data from QOS and if the limit is reached (hits per minute), insta ban the IP for 4 hours. The limits are high and do not count auxiliary hits (i.e. image, css, javascripts, etc). Just the main pages.
30 per minute. Which is one per 2 seconds. Any human that can read threads faster than that will get a 4 hour ban.
If not cooking outdoors, I am cooking on the stovetop with my 14" carbon steel wok, 12" CI skillet, or in the oven with my two Lodge CI pizza pans, or two dutch ovens. I've also got a nifty Lodge carbon steel grill pan that rocks for veggies outdoors.
raywjohnson I use fail2ban already. My issue with monitoring the access logs is that the new botnets are now hitting from a different IP address literally every second. fail2ban relies on repeated attempts from the same IP address - and there is nothing for it to match on. I was able to map it with AI help to blocks of IP's that were bot nets running on Azure or other platforms, and block big related subnets of such platforms, that a legitimate web user would never be browsing from.
I see your private message, but will need more than a sip of coffee to ruminate and respond. Take care!
Last edited by jfmorris; March 31, 2026, 08:51 AM.
I have had trouble the last two days connecting and finally this morning I just let it sit and it finally opened. Now it functions properly while I am using it but not sure if I will be able to get back on later.\
I have had trouble the last two days connecting and finally this morning I just let it sit and it finally opened. Now it functions properly while I am using it but not sure if I will be able to get back on later.
I have more than a few anti-bot functions in place. These can easily block you for various reasons. I would need to know more about your access methods. What ISP? What OS? What Browser? Do you use a VPN? Do you use any kind of Proxy? What is your user-agent string? (Go here to find that: https://www.whatismybrowser.com/dete...my-user-agent/).
I'm also having issues logging in. I'm using Edge browser. I can access using Incognito mode and from my phone, however. If anyone has a suggestion to try on my end, please let me know. I have tried clearing cache and cookies, ensuring Java script is enabled, and restarting my router. I didn't try turning off extensions as some articles suggest.
I too am still having problems getting into the site from both my laptop and my phone. I have done several things you have done as well as ones that raywjohnson suggested and still major issues, Sometimes I get in but most times i do not.
jerrybellSkip Just now I went to my browser history and clicked on an AR page that I visited several days ago and I got in. Try that.
LSG Adjustable Grill/Smoker, MAK Pellet Grill, Large BGE with Several Attachments from the Ceramic Grill Store, Weber Genesis E335 Gasser, Cast Iron Pans & Griddle, Grill Grates, Mostly Thermoworks Thermometers, Anova SV Stick, BBQ Guru Controller and Fan
raywjohnson
I'm having a similar issue but it seems that it mostly happens after I clean temp files and cookies, which I do once a day. Something weird is that when the page is trying to load and I click on the X to stop loading, it keeps trying to load. After several attempts to load I just shut it off and try at a later time. Once I'm able to log on things run smoothly until my next cleaning.
I am working to find out the cause (our causes) of this issue. Which affects my other servers as well.
As there are no other obvious issues (here or the other site/servers). I suspect that bots are the cause. And thanks to AI it is now supper easy to setup a bot and scrap sites. And without any moral compass, just hammer the crap out of the servers. It is becoming an epidemic of unintentional Distributed Denial of Service attacks (DDoS). Where a bunch of them hit your server all at once. Locking it up or even crashing it.
I have worked to block them, but this is a swatting flies scenario. I can only directly block the ones the actually report that they are a bot.
The new anti bot feature (QOS + Fail2Ban) seems to help, but I suspect that due to the stupid way IP addresses are used, bad actors can get their IP blocked, but since they are on a shared IP (many ISP's do this). Then everyone on that shared IP gets blocked. The blocks are not permanent, I think I have them set to 4 hours.
raywjohnson Thank you for the update and for all your hard work. Most of us can't even begin to imagine what you're up against fighting these bots / criminals and your frustration level must be huge. No doubt that things would be a lot worse without your efforts. Forever grateful...
As always, we appreciate your diligence... no doubt it's only going to get worse. Seems to be a theme anymore...
Yep. There is a solution. A global IP reputation system. But the depth of greed is more powerful than a good idea.
By example, Spam could be eliminated with a simple protocol. A solution has been suggested via the standard channels. The RFCs (request for comments). With the suggested protocol proving there would be no way to spoof. I have seen the RFC for a spam-proof protocol more that once, then it quietly vanishes.
Why? Millions earned spamming, millions earned from anti-spam. No one wants a solution.
The same goes for malware and computer viruses, millions earned creating malware/viruses, and millions earned from blocking it.
And now, millions earned via bots, millions earned blocking bots (i.e. cloudflare). So a global IP reputation system would not be easy to implement without huge financial backing. And millions of web servers participating.
Comment