October 29, 2025
When bots go feral
Aggressive bots ruined my weekend
Bots crashed Bear Blog; users call it a hellscape, skeptics say 'quit while you can'
TLDR: Bear Blog’s custom-domain traffic gate failed, and a swarm of bots made the outage worse. Commenters split: some say indie hosting is doomed, others push tools and even lawsuits, while veterans report a “hellscape” of rule-breaking scrapers—proof that the bot problem is everyone’s problem now.
Bear Blog’s chill Saturday turned into a bot apocalypse when the traffic “bouncer” for custom domains went down and stayed down way too long. The founder apologized, blaming swarms of hungry data gobblers: AI scrapers, malicious scanners, and home‑brew “vibe coded” bots running from living rooms. He claims millions of hostile hits and even suspects some apps are selling users’ phone connections to bot herders—cue gasps and side‑eye. Yes, he tried zip bombs (like glitter bombs for bots), then backed off, and now relies on Cloudflare and WAF (a web app firewall, aka an internet bouncer) plus custom blocking.
The comments immediately split into camps. Doomers like TimorousBestie say it’s time to bail on indie hosting entirely—“the internet is decaying.” Battle‑hardened veterans like cupofjoakim nod: their book site is “a hellscape” where bots ignore polite rules, hide their identity, and hop VPNs. Fix‑it folks recommend tools like Pingoo, while the law-and-order crowd wants lawsuits for botty bad behavior. Memes flew: “Proof-of-Work? More like Proof‑I‑Lost‑My‑Weekend,” and “Skynet’s unpaid interns wrecked my blog.” The big mood? Equal parts paranoia (phone apps as bot tunnels), exhaustion (endless blocking), and spicy revenge fantasies (lawyers and digital booby traps).
Key Points
- •Bear Blog experienced a major outage on October 25 when its reverse proxy for custom domains failed, causing timeouts.
- •The monitoring tool did not alert the incident, leading to a delayed response; the author issued an apology.
- •The article classifies bot traffic into AI scrapers, malicious scrapers, and unchecked automations, with distinct handling policies.
- •The author reports blocking close to 2 million malicious requests in 24 hours, noting IP rotation often linked to cellular network ASNs (speculative).
- •Mitigations include Cloudflare WAF, rate limiting, and custom bot quarantine; experiments with zip bombs and proof-of-work were abandoned due to risk and complexity.