My goodness, a new level of stupidity.

The bots are now doing things like this:

GET http://uninformativ.de/projects/lariza/feednotify/datenstrahler/slinp/countty HTTP/1.1

1. That URL does not exist.
   
2. By including http://uninformativ.de in that request, this instructs the webserver to do an HTTP proxy request. Of course, this isn’t allowed on my webserver (and shouldn’t by allowed on any normal webserver), resulting in HTTP 400. And even if it were, the target would be the exact same server, making a proxy request unnecessary.
   

And of course, it’s not just 50 hits like this or 100 or 1’000 or 10’000. No, it’s over 150’000 in the last 2 days. All from vastly different IP ranges of different cloud hosters.

This almost looks like a DDoS attack, but it’s just completely stupid. This feels more like some idiot vibe coded a crawler.

(#sxlpyva) @movq@www.uninformativ.de Oh, fuck them!

(#sxlpyva) This looks like a botnet, to be honest. The IPs are all over the place. Ethopia, Brazil, Kenya, Lebanon, Netherlands, … I mean, that’s the logical thing to do, isn’t it? Do your web crawling on infected PCs. Nobody will block those, because those are the same IP ranges as legitimate requests. And obviously you don’t have to pay for computing time.

… and they all send invalid HTTP requests, all answered with HTTP 400 … How silly.