[horde] bots hammer my instance
A.Schulze
sca at andreasschulze.de
Tue Nov 4 19:38:02 UTC 2025
Hello,
I have a public accessible horde instance. Since years ...
Of course, some remote hosts query my horde instance here and now and then. but this did not hurt.
Last week a noted a significant performance impact. I activated some more logging and was surprised.
In random 15 minutes, ~1000 different random clients query "/ horde / ansel / browse _ edit . php"
(inserted spaces for "only human readability")
I looked up some reverse dns names for some clients: all are named like the usual Dialup IPs.
What's my reaction?
First my strategy was to shortcut this specific requests. I no longer proxy the request to the app server.
This solved my performance issue. I simply respond directly with "200 foo". This does not change the number of requests.
Also responding with 404/503/whatever does not affect the number of requests *to this specific path*
So I started to delay my response multiple seconds. tarpitting :-)
Do you also see such request pattern? How do you handle it?
Andreas
More information about the horde
mailing list