I’ve been working on a small side project to analyze traffic logs and surface bot activity in a way that’s actually useful.
Not a full security platform. Just something simple that answers:
who is hitting my site
how often
and what they’re trying to access
I pointed it at one of my endpoints and let it run.
Here’s what showed up in a short window:
20.48.232.178 → 13,777 hits
20.104.201.101 → 7,916 hits
20.151.229.110 → 7,427 hits
20.220.232.240 → 7,096 hits
20.220.213.131 → 5,188 hits
162.158.62.142 → 2,979 hits
104.23.253.15 → 2,926 hits
162.158.154.75 → 2,616 hits
Most of these were hitting common scan paths like:
/scanner.php
/wp-admin
random probe endpoints
Nothing fancy. Just constant noise.
What stood out
It wasn’t one attacker. It was volume.
Thousands of requests from single IPs. Repeated scans. Same patterns over and over.
If you’re not looking at raw logs, you don’t really see it.
And most small projects don’t have anything in place to filter or summarize this.
What I built
I put together a lightweight tool that:
logs traffic
aggregates hits per IP
tags common scan patterns
surfaces “top offenders” quickly
No heavy infra. Just a small service and a database.
The goal wasn’t to block everything automatically.
It was to make the data obvious enough that you can decide what to do:
block at firewall
add nginx rules
ignore known noise
or just understand what’s hitting your app
Why this matters (especially early)
If you’re running:
a side project
a VPS
a self-hosted app
you’re getting hit like this too.
You just don’t see it yet.
Free access (early users)
I’m opening this up for testing.
First 100 people can use it free for 3 months.
No credit card.
Code: DTO2026
https://blockabot.com
After that it’s around $5/month for full access (logs, threat feed, etc).
Top comments (0)