The Nvidia Neverending Thread: Chasing MinGW Support Since the Dawn of Time (forums.developer.nvidia.com)

1 points by gioelecantoni 8m ago 1 comments

Show HN: Rm-safely – a safety net for rm command (github.com)

1 points by zdkaster 11m ago 0 comments

Ladybird Proves You Can Just Build a New Web Browser (lunduke.substack.com)

1 points by philipallstar 14m ago 0 comments

Mistral AI submits lifecycle analysis for one of their model (mistral.ai)

1 points by phtrivier 17m ago 1 comments

Ask HN: How do you imagine an AI-driven utopia?

1 points by msvana 18m ago 0 comments

US-EU Deal sets 15% tariffs on most goods (apnews.com)

1 points by glimshe 18m ago 0 comments

The intimacy of never talking again (personalscriptures.substack.com)

1 points by arthurmorgan 20m ago 0 comments

The key to increasing standard of living is increasing labor productivity (gabrielweinberg.com)

1 points by mustaphah 22m ago 0 comments

Dynamic Phase Alignment in Audio [video] (youtube.com)

1 points by todsacerdoti 22m ago 0 comments

Building stronger engineering teams with aligned autonomy (stackoverflow.blog)

1 points by r4um 25m ago 0 comments

Big Brother gets new powers in China with digital ID system (washingtonpost.com)

1 points by perihelions 29m ago 0 comments

Building SaaS billing with an open-source commerce platform (medusajs.com)

1 points by srindom 29m ago 0 comments

How to prioritize marketing when attribution is broken and AI is changing rules?

1 points by ivanmarketingua 32m ago 0 comments

Investigating a latency spike across Envoy, Consul with the help of pprof (koyeb.com)

2 points by Sadzeih 34m ago 0 comments

Show HN: Stop the '+1' Spam: Automatically Filter GitHub Comment Noise

2 points by freakynit 38m ago 0 comments

Microsoft's Aurora AI foundation model goes beyond weather forecasting (news.microsoft.com)

2 points by gballan 39m ago 0 comments

Telegram responds to investigation linking them to Russian security services (occrp.org)

3 points by lamg 40m ago 0 comments

Copyright Lawsuit Accuses Meta of Pirating Adult Films for AI Training (torrentfreak.com)

2 points by isaacfrond 41m ago 0 comments

The Bard and the Shell (journal.bsd.cafe)

3 points by draga79 41m ago 0 comments

Factory finish modular kitchen Chennai – C Craft Interior (ccraft.in)

1 points by hri20205 42m ago 0 comments

A Tale of Practical Keylogger Forensics (research.hisolutions.com)

1 points by verin0x 45m ago 0 comments

MIT Launches Learning Platform: MIT Learn (news.mit.edu)

1 points by Amio 46m ago 0 comments

Altman warns there's no legal confidentiality when using ChatGPT as a therapist (techcrunch.com)

3 points by taubek 50m ago 0 comments

You won't believe what this AI said after deleting a database (smallcultfollowing.com)

1 points by weinzierl 51m ago 0 comments

Jump the Shark (brajeshwar.com)

1 points by furkansahin 51m ago 0 comments

Show HN: Memory Bank Templates – Cure AI Context Reset Problems (medium.com)

1 points by rstlix0x0 53m ago 0 comments

DoHoT: Making practical use of DNS over HTTPS over Tor (github.com)

1 points by DyslexicAtheist 55m ago 0 comments

Bringing Together Clazy and Clang-Tidy (alex1701c.github.io)

2 points by todsacerdoti 57m ago 0 comments

Rust Changelog #296 (rust-analyzer.github.io)

1 points by amalinovic 1h ago 0 comments

AI intensifies battle for talent, housing and investments in San Francisco (washingtonpost.com)

2 points by JamesAdir 1h ago 0 comments

Just released my open-source project: Log Manager (github.com)

2 points by bodyast1010 1h ago 0 comments

Starling reproduces spectrogram drawing [video] (youtube.com)

1 points by Luc 1h ago 1 comments

Show HN: AllEars – Automate Your Phone Based on Sounds (Offline, No Cloud) (play.google.com)

2 points by sanjeev309 1h ago 0 comments

The Wireless Cookbook (Early Access) (nostarch.com)

2 points by goldfish5878 1h ago 0 comments

Hello Sprout (daniel.haxx.se)

13 points by robin_reala 1h ago 2 comments

EU age verification app to ban any Android system not licensed by Google (old.reddit.com)

2 points by todsacerdoti 1h ago 1 comments

Britain 'ready to fight' over Taiwan, Defence Secretary suggests (telegraph.co.uk)

4 points by mhga 1h ago 3 comments

How to Make Websites That Will Require Lots of Your Time and Energy (blog.jim-nielsen.com)

18 points by OuterVale 1h ago 12 comments

Control Shift: New Reality Labs Research on SEMG Published in 'Nature' (meta.com)

1 points by ndsipa_pomu 1h ago 0 comments

Working with AI: Measuring the Occupational Implications of Generative AI (arxiv.org)

1 points by eric_khun 1h ago 0 comments

Can You Trust Your Computer? (gnu.org)

5 points by jruohonen 1h ago 2 comments

A VPN is seeing a 1,400% spike in signups as the UK's age verification law (mashable.com)

2 points by benkan 1h ago 0 comments

Ask HN: Lessons from migrating off Dynamics NAV (write‑up inside)

1 points by edihasaj 1h ago 0 comments

Scientists look to black holes to know where we are in the Universe (space.com)

1 points by benkan 1h ago 0 comments

Google rolls out new Gemini model that can run on robots locally (techcrunch.com)

2 points by benkan 1h ago 0 comments

The ultimate meeting culture (abitmighty.com)

40 points by todsacerdoti 1h ago 25 comments

Show HN: AI Equalizer – Personality sliders for building a better AI friend

2 points by FicPeter 1h ago 1 comments

Ever had to implement SAML SSO in PHP? (ssojet.com)

1 points by sophiabannet1 1h ago 1 comments

American musical satirist Tom Lehrer dies at 97 (bbc.com)

1 points by chha 1h ago 0 comments

OpenPsion (linux-7110.sourceforge.net)

1 points by austinallegro 1h ago 0 comments

Ask HN: Do You Block DigitalOcean?

4 sugarpimpdorsey 5 7/28/2025, 2:46:57 AM

I have at least half their subnets blacklisted at this point. They seem to host a lot of bot traffic, port scans, and other generally unsavoury characters.

Is this the wrong approach? A losing battle of whack-a-mole?

FWIW I get a not-insignificant amount of malicious traffic from AWS, Azure, and Google but I view these providers as "too big to block" - I can't blacklist large swaths of their IP space without breaking the Internet.

Comments (5)

fennec-posix · 5h ago

The Internet is always gonna have undesirable traffic if you're facing it. The trick is to minimize your surfaces as much as possible:

- Only keep open ports/forward ports for applications you use, drop/block everything else.

- Use strict host-header checking for web services on port 80/443, drop anything to 403/404 that doesn't have a valid host-header for the website(s) you're hosting.

- Move SSH and other remote admin servers to use a non-standard port. (legit, find a random port number between 9000-65535)

- If it doesn't need to be public, allow-list it with iptables.

Unfortunately DO and other providers will never have 100% legit traffic, it's just the nature of the Internet's noise floor.

Hope this helps you or someone else!

mmarian · 5h ago

IP blocking is a losing battle. Malicious actors can easily hop onto residential proxies.

Why do you care about that traffic? What exploits are you worried about? The answers will help you figure out what protection you'll need to set up.

ecb_penguin · 6h ago

Depending on your app, yes, you can block DO. You can probably block all of AWS and GCP as well. You can take it further and block all non-residential ASNs.

You'll block some legit traffic, but the majority of normal users will not be affected.

What is the persona of your average user? Average people shopping online? None of them are connecting through weird ASNs.

Someone complaining about a VPN being blocked? It's cost-benefit, tell them tough shit.

toomuchtodo · 5h ago

We block all cloud CIDRs at a financial services firm for public customer facing infra.

darklake · 6h ago

I've self hosted my email on DO for over 10 years on the same IP address. I am registered with Gmail so they don't block. I sometimes get blocked by major sites from whom I receive spam. I am not a fan of group punishment which is what you advocate.