Anthony Accioly on Nostr: TIL: when your server is getting hit heavily by bots and CPU usage spikes to 100%, ...
TIL: when your server is getting hit heavily by bots and CPU usage spikes to 100%, simply returning code 444 and redirecting logs for the offending ips to stdout (or discarding them) can be far more CPU-efficient than blocking IPs at the firewall level.
It felt a bit counterintuitive to me, since in theory, blocking at the firewall should be cheaper.
#OneOfTheseDays #AttackMitigation #pfSense #nginx
Published at
2025-06-23 18:33:39Event JSON
{
"id": "30cc230bb5a154c203cd191b44a1952a316407f8472050d493e2709e79452ea3",
"pubkey": "ee9d979e7e1418a9f7472baf82dc96082a0d4251b77bcb170a6ecec93fadff64",
"created_at": 1750703619,
"kind": 1,
"tags": [
[
"t",
"OneOfTheseDays"
],
[
"t",
"oneofthesedays"
],
[
"t",
"AttackMitigation"
],
[
"t",
"attackmitigation"
],
[
"t",
"pfSense"
],
[
"t",
"pfsense"
],
[
"t",
"nginx"
]
],
"content": "TIL: when your server is getting hit heavily by bots and CPU usage spikes to 100%, simply returning code 444 and redirecting logs for the offending ips to stdout (or discarding them) can be far more CPU-efficient than blocking IPs at the firewall level.\n\nIt felt a bit counterintuitive to me, since in theory, blocking at the firewall should be cheaper.\n\n#OneOfTheseDays #AttackMitigation #pfSense #nginx",
"sig": "af651377ee09504370a30a41a2440e09e9b941a6be32de91157a10ae9c8280c3a705c41fe5bf88e217a3d0fb1bfb5e778ad5d3cb1f01c1d830efa31b35a0f28f"
}
