I'm seeking insights from anyone who has dealt with traffic coming from ASN 203020, also known as HOSTROYALE. Recently, one of our services has been hit with an overwhelming number of requests, reaching millions at peak times. The behavior of this traffic seems more automated than human, which raises some red flags for us. However, since HOSTROYALE is a hosting provider, we're cautious about blocking the entire ASN because there might be legitimate users among them.
Right now, we're temporarily blocking ASN 203020 at the Cloudflare ASN level for stability, but I wonder if this is a good long-term strategy. I'm looking for advice on a few points:
1. Have any of you experienced abuse or scraping from ASN 203020?
2. What methods do you use to differentiate between real user traffic and bot traffic?
3. In situations like this, do you typically:
- Fully block the ASN, or
- Target smaller IP ranges based on behavior?
4. What techniques have you found useful before resorting to a full ASN block? (like rate limiting or analyzing request patterns)
I hope to get shared experiences and best practices to safeguard our infrastructure without blocking potential legitimate traffic!
5 Answers
I suggest starting with a temporary block of the ASN and reporting the abusive IPs to HOSTROYALE's abuse email. They take this seriously and generally respond well. They might help address specific problematic IPs without requiring you to block the entire ASN.
HOSTROYALE is kind of like the Walmart of hosting providers, so blocking the whole ASN might really hurt legitimate users. Instead of a complete block, check if the traffic is actually reaching your application or just overwhelming your front end. If it’s the latter, using Cloudflare’s filtering options based on user agent or referrer can be more effective. If all the requests are similar, it might be better to rate limit by IP and let the bots exhaust their quotas while allowing real users to get through. That way, you won't accidentally block genuine sites using their service!
Just send them an abuse report! If it’s suspicious, gather logs and a list of the IPs involved, and follow their reporting procedures. They are strict when it comes to legitimate complaints, and it’s a good step to take since they do cater to less desirable users occasionally.
As a bot detection researcher, I can tell you that HOSTROYALE is often used by bot developers. We see a lot of click fraud traffic from their servers. To spot bot behavior from this ASN, I look for signs like browser tampering and specific automation triggers. As far as blocking goes, aiming for individual verification instead of relying on broader ASN blocks tends to be more effective.
When it comes to handling massive scraping, blocking isn't usually the best move. From my experience with a SaaS that faced heavy scraping, a layered approach works wonders. You might want to consider caching aggressively for high-risk sources, slowing down responses to problematic traffic, or intermittently challenging them with captchas to ensure you’re not disrupting legit users. This way, you control unwanted traffic without hindering genuine interactions.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures