While 15k might sound a lot, consider that loading the Mastodon frontend on my old instance is ~300 requests on load alone.
Loading my old profile is ~280 requests.
When you factor in that a visit usually ends up doing 4-5 requests, we're down to ~3-3.7k visits in the past 24 hours, and across a dozen or so hosts, that's not very much. Maybe a few hundred visits / host. That used to be about my normal visitor count in the mid-2010s.
Now, I am using a complicated defense script. But iocaine 3.0's built-in script would have stopped ~38 million of those, and a firewall level block of the Huawei & Alibaba ASNs would have blocked another 11m.
That's 49 million requests stopped out of 50.96 million, or 96.67% of all requests. That's a very good rate for something as trivial as this pseudo-code:
ai.robots.txt: blockFirefox/ or Chrome/, and does not have a sec-fetch-mode header: blockTwo ifs in a trenchcoat and a firewall rule, and your bot troubles are gone.
If you have a fediverse account, you can quote this note from your own instance. Search https://come-from.mad-scientist.club/users/algernon/statuses/01KA7ADJ7XPXFYSZA2W7ST81ZS on your instance and quote it. (Note that quoting is not supported in Mastodon.)