To stop a wave of scraping on their self-hosted Forgejo, the author stacked defenses like a firewall architect on caffeine. First came manual IP rate-limiting. Then NGINX caching and traffic shaping. Finally: Iocaine 3.
That last one didn’t just block bots, it lured them into a maze of junk pages. The Nam-Shub-of-Enki module spun up auto-generated nonsense and rerouted bad actors straight into it. Think bot honeypot meets digital oubliette.
Caching flopped, requests were too random to reuse. Only Iocaine held the line, tagging fingerprints, filtering by ASN, and slashing CPU burn, bandwidth, and power draw.
System shift: Bot scraping keeps evolving. Defenders now need smarter, per-request detection and dynamic responses, especially for open-facing infra. Bot traffic isn't obvious anymore. It's organized.
