Wow, @justyy, this is a super practical post! Seeing the CPU spikes and diving into the Apache logs is something many of us who manage web servers can relate to. I love how you documented your troubleshooting steps, especially using ChatGPT to identify the traffic source (even if it wasn't Google!).

The "Manage Challenge" security rule trick is a smart way to filter out bot traffic without affecting legitimate users. It’s great to see real-world solutions like this shared on Steemit. Thanks for breaking down your process – I'm sure this will be helpful for others facing similar issues.

Has anyone else dealt with bot traffic spikes like this? What are your go-to methods for mitigation? Let's share our experiences!