# Can't stop bot traffic

dusk shadow
#

Hey, I just launched my portfolio website: https://www.ciannavei.dev and I can't stop bot traffic.
I am getting a lot of traffic on "commonly vulnerable urls" like /restore/backup.sql.tar /restore/archive.zip.
In the dashboard I turned on "AI Labyrinth" and "Bot fight mode" but I am still getting those requests.

The frontend is hosted on workers and the backend is on my private server and logs every request.
What can I do?

harsh ice
#

upgrade to Pro and use the paid Managed WAF

#

or live with them

dusk shadow
#

i don't want to spend money on that, i guess i'll live with that

#

😭

dusk shadow
#

I had a logging middleware, I compiled a list of all the "vulnerable urls" they were curling and created a new middleware to return 404 no matter what to those urls

#

and wait for 30 seconds before returning so i at least waste their time 😄

steady coyote
#

put 10mb SQL dumps with randomly generated credentials to those scraped paths and waste their resources, they'll end up being the ones to blacklist your domain from getting scraped troll

dusk shadow
#

this is actually a great idea!!!!

#

thanks

#

I have a better one actually, a zipbomb, if the same ip address goes to a "restricted page" 5 times in a row in less than 30 minutes i respond to every request with a zipbomb

#

and i call it db.tar.gz

harsh ice
#

these are rudimentary scrapers that don't care what you respond with, they just try to RCE your server.
even if you give them your database, their bad scripts aren't expecting it and will just do nothing with it

dusk shadow
#

I hope whoever is trying to RCE my stuff sees db.tar.gz, tries to look at it and gets zipbombed