@prologic@twtxt.net You may already do all this stuff, but here’s my 2 cents.
One thing you can do is a use a site like https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time to download a list of blacllisted IP address in a format suitable for whichever firewall you’re using. Then you can hard ban those IPs.
Another thing you can use is install fail2ban
and set up rules appropriate to yarnd
. I’m not familiar enough to say what those should be, but blocking http POST floods is a good idea. You can also manually add IP addresses to fail2ban
jails, or semi-automate that where you read the IPs you want to ban from a list that you update regularly.
Finally, you could use something like akismet to automatically detect spam posts and block ones that fail their test. I’m not sure if you’re able to self host if you’re dependent on a call to their servers. Maybe there’s something similar that you could host locally if nto.