Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Meta IP ranges generating concurrent headless-like traffic with fbclid and facebook.com referer

CyberCr33pCyberCr33p Member
in General

I have noticed on several sites, not only e-shops but also news or corporate websites, a very large number of concurrent connections coming from IP ranges that belong to Meta, such as 66.220.x.x and 31.13.x.x.

The requests come with the referer https://www.facebook.com/ and include the parameter fbclid, however their behavior does not resemble normal traffic from real users.

Based on the headers, they appear to be headless browsers. For example, the requests include a user-agent such as:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36

while at the same time the header sec-ch-ua-platform declares “Linux”.

In some cases, especially on e-shops, hundreds or even thousands of requests are observed within a short period of time, often targeting pages with filters, which significantly increases resource usage on the servers.

Has anyone observed something similar?

Is there any information about why this might be happening?

Thanked by 1oloke

Comments

  • 384_cz384_cz Member

    I hate that rich ppl can DDoS without being put in jail

  • emghemgh Member, Megathread Squad

    yes

    also from other big tech companies

    i assume ai scrapers

    fuck them

    Thanked by 3oloke tentor bdspice
  • sillycatsillycat Member 
        # facebook
    deny 31.13.24.0/21;
    deny 31.13.64.0/18;
    deny 185.60.216.0/22;
    deny 57.136.0.0/15;
    deny 163.70.128.0/17;
    deny 163.77.128.0/17;
    deny 163.114.128.0/20;
    deny 57.136.0.0/13;
    deny 57.149.0.0/16;
    Thanked by 6emgh oloke 384_cz Falzo tentor tenji
  • emghemgh Member, Megathread Squad
    edited March 7

    @sillycat said:

        # facebook
    deny 31.13.24.0/21;
    deny 31.13.64.0/18;
    deny 185.60.216.0/22;
    deny 57.136.0.0/15;
    deny 163.70.128.0/17;
    deny 163.77.128.0/17;
    deny 163.114.128.0/20;
    deny 57.136.0.0/13;
    deny 57.149.0.0/16;

    i got like avg 5 req/s from ai scrapers concurrently for awhile for a single website until i started blocking as well

    also with all url params imaginable, bypassed most caching

    Thanked by 2sillycat tentor
Sign In or Register to comment.