It can't prevent the request but A)They are following excessive amount of URL's requesting the same content over and over B)there is something causing performance issue when there is excessive amount of SID's exacerbating the issue.It doesn't seem that getting rid ofsidin URL can prevent those bots from DDoS-ing a board.
This can even happen with bot identifying itself if it hasn't been added to bots list. On a forum I work on there was few thousand guests and it was running very slow. I think it was Claudebot and adding it to bots list immediately cleared the issue. Recently they had 20K "guests" online and the sessions table was over 400K rows. This is for a site that might have a few real visitors per hour. These are all random IP's with browser user agent.
I created a ticket for this a few days ago: https://tracker.phpbb.com/browse/PHPBB-17484
Statistics: Posted by thecoalman — Wed Mar 26, 2025 10:38 am