I finally built a solution for stopping the attacks on our blog. Blocking IPs via firewall behind a load balancer won’t work but Fail2ban + an Nginx map rule does the job. I added slack notifications for the 😽👌
Since posting this there has been a surge in exploit attempts. Are the gods mocking my hubris?