Claude fired rapid curl requests at DDG from production server IP — IP blocked, server had to be rebuilt

Resolved 💬 6 comments Opened Apr 15, 2026 by GoR-XarraY Closed May 24, 2026

Severity: CRITICAL — Production server IP burned, forced rebuild

Date: 2026-03-15

What happened

Claude sent multiple rapid curl requests to DuckDuckGo HTML endpoint from Box 2 (production scraping server) with zero delays — to "test if it works." DDG immediately CAPTCHA-blocked the IP.

This was the SECOND IP-burning incident in two days (Yelp was the day before, 2026-03-14).

The user had explicitly warned about aggressive request behavior multiple times. After this incident, they had to destroy and rebuild the Box 2 server entirely to get a clean IP.

Explicit rules violated

  • "NEVER hit any site with rapid sequential requests — minimum 10-15s between ANY requests"
  • "NEVER send more than ONE request to test if a site works. ONE. Then STOP and report to user."
  • "When in doubt, ASK before sending ANY request to ANY external site"

These rules were written into the global CLAUDE.md specifically because of prior IP incidents.

Impact

  • Production server IP (Box 2) burned by DDG
  • Server had to be destroyed and rebuilt from scratch — lost all configuration, setup time
  • This was the second IP-burning incident in 24 hours
  • User wrote explicit global rules after this — which were then violated again in future sessions

Requested resolution

  • Refund of session credits + cost/time of server rebuild
  • Fix: "Testing" a new scraper source must NEVER mean firing rapid requests. One request, wait, report. This must be enforced.

View original on GitHub ↗

This issue has 6 comments on GitHub. Read the full discussion on GitHub ↗