"we caught one" god. Luxurious.

Once again, I strongly advise you to set up fail2ban so that anyone you serve a 404 catches at least a full day ban, and if you don't care about talking to other people's services, do your best to fully block the IP ranges associated with all the major hosting companies.

https://exple.tive.org/blarg/2025/10/21/raised-shields/

https://infosec.exchange/@foobardevs/116246141464905287

@mhoye a single 404 is very aggressive, all it takes is one fat-fingered link in a page pointing to your site and you're banning visitors en masse.

after 5-10 404s in a row for different URLs, different story.

@azonenberg Nobody is fat-fingering their way to .env or backdoor .asp files.

@mhoye yes i'm all for having specific poison URLs that trigger an immediate ban.

But "immediate ban on any 404 whatsoever" seems heavy handed.

@azonenberg Read your logs, tell me what you see. Nobody's typing out URLs anymore.

@mhoye @azonenberg .... we do personally do that

we're prepared to accept that we do not exist, in a statistical sense. that is true in SO many ways

but we hesitate to put into place a rule which would lock ourselves out. we'd at least apply a threshold of a few 404s over a window of time, not just a single one

@mhoye @azonenberg another thing we've seen in logs recently is automated requests, i.e. for favicons that never existed, or for stylesheets that have moved, which happen as part of every successful pageload and which generate 404s. so there needs to be some way of dealing with that, too

@ireneista @mhoye @azonenberg I'm seeing bots guessing URLs that look like something I might have written, too. There is no `/articles/removing-trackers/floc-affinity` on my site. Maybe generating broken links for a user who asked for a summary?

And there are always a lot of 404s for stuff like `/page-title/favicon.ico` after my site gets on "Hacker News" -- so many crawler scripts (at varying levels of working) get links from there

@dmarti @ireneista @azonenberg I've created favicons despite never caring about that at all, because so many clients that appear to be legitimate humans doing legitimate human things reach for them automatically, including a bunch of feed readers and aggregators.

@mhoye @ireneista @azonenberg Yes, I also made them. Found some good sources of freely licensed images and a handy favicon maker site. https://blog.zgp.org/favicon/
Hey kids, favicon!

How to use freely licensed graphics and a helpful free favicon generator to make all the icons needed for a web site.
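
The policy options raised in the thread (an immediate ban for poison URLs such as `.env` or `.asp`, a threshold of distinct 404s over a time window otherwise, and no penalty for automatically requested favicons or moved stylesheets), sketched as an added example that is not from any participant. The patterns, threshold, window, and log lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, not taken from the thread.
POISON = re.compile(r"(^|/)\.env$|\.asp$", re.I)         # nobody reaches these by typo
BENIGN = re.compile(r"(^|/)favicon\.ico$|\.css$", re.I)  # fetched automatically by real clients
THRESHOLD = 5                     # distinct 404 paths ...
WINDOW = timedelta(minutes=10)    # ... inside this sliding window

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')

def find_bans(lines):
    """Return {ip: reason} for clients the policy would ban."""
    recent = defaultdict(deque)   # ip -> (time, path) of counted 404s
    bans = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "404" or m.group(1) in bans:
            continue
        ip, path = m.group(1), m.group(3).split("?", 1)[0]
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if POISON.search(path):
            bans[ip] = "poison:" + path       # one hit is enough
            continue
        if BENIGN.search(path):
            continue                          # never counts toward a ban
        hits = recent[ip]
        hits.append((when, path))
        while hits and when - hits[0][0] > WINDOW:
            hits.popleft()                    # drop 404s older than the window
        if len({p for _, p in hits}) >= THRESHOLD:
            bans[ip] = "threshold"
    return bans

def _line(ip, minute, path, status=404):
    return f'{ip} - - [21/Oct/2025:10:{minute:02d}:00 +0000] "GET {path} HTTP/1.1" {status} 153 "-" "-"'

# Constructed sample log (documentation-range addresses).
SAMPLE = (
    [_line("192.0.2.10", 0, "/.env")]
    + [_line("198.51.100.7", 1, "/old-post"), _line("198.51.100.7", 1, "/old-post/favicon.ico")]
    + [_line("203.0.113.5", m, f"/guess-{m}") for m in range(5)]
    + [_line("203.0.113.9", m * 11, f"/slow-{m}") for m in range(5)]
)

if __name__ == "__main__":
    for ip, reason in find_bans(SAMPLE).items():
        print(ip, reason)
```

The visitor who followed one broken link and auto-requested a favicon is not banned, and neither is the client whose 404s are spread wider than the window.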