thecoalman wrote: Wed Apr 24, 2024 5:58 pmWhether it's a real DDoS or malicious bots the best way to manage them is through a third party service like Cloudflare, especially for DDoS. Unfortunately that is not something easy to setup and deploy easily.
I use Cloudflare at the "free" tier level. You can define web application firewall rules, though it's limited to 5. Prompted by this thread, I searched a bit and read this Cloudflare blog from last year:
Easily manage AI crawlers with our new bot categories. In the past, I used user agent one-by-one matches to tame bots that don't respect robots.txt; this option makes it easier to "bundle" blocking rules (e.g., AI bots).
Setting up for Cloudflare does require more technical knowledge, e.g., understanding how the host/CDN topology works. But it does have the advantage of dealing with unwanted requests
before they reach your server versus .htaccess rules or phpBB-based bot limiting schemes.