this post was submitted on 09 Jan 2025
57 points (95.2% liked)

Selfhosted

60366 readers
679 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Now that we know AI bots will ignore robots.txt and churn residential IP addresses to scrape websites, does anyone know of a method to block them that doesn't entail handing over your website to Cloudflare?

you are viewing a single comment's thread
view the rest of the comments
[–] scrubbles@poptalk.scrubbles.tech 6 points 2 years ago (2 children)

If I'm reading your link right, they are using user agents. Granted there's a lot. Maybe you could whitelist user agents you approve of? Or one of the commenters had a list that you could block. Nginx would be able to handle that.

[–] albert180@discuss.tchncs.de 9 points 2 years ago

They just Fake User Agents If you Block them

[–] ctag@lemmy.sdf.org 2 points 2 years ago (1 children)

Thank you for the reply, but at least one commenter claims they'll impersonate Chrome UAs.

[–] albert180@discuss.tchncs.de 14 points 2 years ago* (last edited 2 years ago) (1 children)

You can read more Here

If you try to rate-limit them, they'll just switch to other IPs all the time. If you try to block them by User Agent string, they'll just switch to a non-bot UA string (no, really). This is literally a DDoS on the entire internet.

https://pod.geraspora.de/posts/17342163

[–] FaceDeer@fedia.io 4 points 2 years ago (1 children)

Except it's not denying service, so it's just a D.

[–] ctag@lemmy.sdf.org 7 points 1 year ago

In the hackernews comments for that geraspora link people discussed websites shutting down due to hosting costs, which may be attributed in part to the overly aggressive crawling. So maybe it's just a different form of DDOS than we're used to.