I have a website on MS Azure and for the past two months, I've been getting mass amount of requests from Russia spamming my site and logs with non-sense and pro-Trump garbage. Based on what I read, I'm not the only site with this issue. Google Analytics shows almost half of the requests to my site are spam on a daily bases from the same source.
I really don't have access to the IIS access logs to see what IPs the spam is coming from. Plus, if they change IPs, then back I'm from where I started. So I decided to block Russia Federation until I can sort this out. I used an online site to generate the configuration necessary to block all request from Russia. Russia is a big country. It has 11 time-zones and a whole a lot of ips to block. In fact, the config file got so large that Azure choked (500 errors).
One other option is to check the country where the request is coming from dynamically and reject the request. This means that I have to verify every request from a third-party service. That may slow thing down for the legit users.
The question is, what option do I have to stop the flood? This costing me money in terms of bandwidth and performance.