all comments

[] -0 points

Probably skiddie bots, but you should look at the logs to make sure it isn't a targeted attack. Do you know if it's Tor, known VPNs, certain countries, etc?

I know lots of people just block Chinese/Russian/whatever IPs for this reason. If you know you won't be connecting from there and you aren't really interested in serving content to the region, you may as well just geoblock it if you're getting attacked.

With VPNs and Tor it's a bit more difficult, you might want to allow some of that depending on how you access your servers and what audience you're serving. Temporary blocks are probably better.

If you're getting specifically targeted then set up a honeypot and see what you can learn.

[] -0 points

It's not traffic, it's noise consuming your resources. You drop it.

[] -0 points

then you find out who they are