July 14, 2026
Botnets, blackholes, and comment chaos
How the FSF sysadmins block botnets with reaction
FSF fights a bot swarm, and the comments immediately turn into a messy AI ethics food fight
TLDR: The FSF says it found a faster way to block giant waves of malicious traffic, including some tied to smart-TV botnets, by switching tools and building its own setup. Commenters then turned the story into a brawl over AI scraping, politics in software, and who really counts as an “attacker.”
The Free Software Foundation basically posted a war diary about fending off huge waves of fake visitors hammering its sites, including traffic linked to a botnet made of hijacked smart TVs. Their big win: ditching an older setup that choked on massive blocklists and switching to reaction, a newer tool they tuned to shut out millions of suspicious internet addresses fast. In plain English, they found a better bouncer for the door after the old one started wheezing.
But the real show was in the comments, where the crowd instantly split into tech support mode, culture-war mode, and conspiracy mode. One of the hottest reactions was the blunt moral question: are these “attackers,” or just AI companies vacuuming up the web and pretending it’s normal business? That kicked off the spiciest subtext of all: is the internet being strip-mined for artificial intelligence, and who’s willing to say it out loud?
Then came the classic engineer flexes. One commenter casually dropped a lower-overhead alternative like they were tossing a folding chair into the ring, while another noted this kind of scaling pain isn’t unique. And yes, there was side-drama: one person got hung up on a political message in the software’s page and turned a server-defense thread into a debate about ideology in open-source software. Meanwhile, another commenter pointed out the FSF’s own anti-JavaScript values may limit easier anti-bot tricks, which gave the whole thread a very on-brand vibe: fight the bots, preserve user freedom, and argue about absolutely everything else online.
Key Points
- •The FSF observed abnormal scraper traffic patterns, used regular expressions to identify source IPs, and found evidence that some traffic came through residential botnets.
- •The article says at least some traffic targeting GNU Savannah was confirmed to originate through the Vo1d/Popa botnet, with supporting data published by Qurium researchers.
- •The FSF's initial fail2ban plus UFW approach hit scaling problems, with degradation appearing around 65,000 firewall rules.
- •Switching to ipset allowed the FSF to manage much larger blocklists, with the article reporting no instability at about five million rules.
- •After fail2ban with ipset still hit architectural limits, the FSF adopted reaction, built a custom ipset-based configuration, and contributed its implementation details upstream.