this post was submitted on 21 Mar 2025
210 points (99.1% liked)

Linux

6891 readers
466 users here now

A community for everything relating to the GNU/Linux operating system

Also check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
210
FOSS infrastructure is under attack by AI companies (thelibre.news)
submitted 2 weeks ago* (last edited 2 weeks ago) by throws_lemy@lemmy.nz to c/linux@programming.dev
38 comments fedilink hide all child comments
 

LLM scrapers are taking down FOSS projects' infrastructure, and it's getting worse.

you are viewing a single comment's thread
view the rest of the comments
[–] grrgyle@slrpnk.net 70 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Wow that was a frustrating read. I dd not know it was quite that bad. Just to highlight one quote

they don’t just crawl a page once and then move on. Oh, no, they come back every 6 hours because lol why not. They also don’t give a single flying fuck about robots.txt, because why should they. [...] If you try to rate-limit them, they’ll just switch to other IPs all the time. If you try to block them by User Agent string, they’ll just switch to a non-bot UA string (no, really). This is literally a DDoS on the entire internet.

[–] jatone@lemmy.dbzer0.com 29 points 2 weeks ago (2 children)

the solution here is to require logins. thems the breaks unfortunately. it'll eventually pass as the novelty wears off.

[–] nao@sh.itjust.works 12 points 2 weeks ago (2 children)

Next you'll have to invest in preventing automated signups

[–] hisao@ani.social 5 points 2 weeks ago (1 children)

Signups in most platforms are quite hard. Straight up give your phone and do SMS verification, or at least give email and to register that email you will have to provide phone anyway. Captchas nowadays became so hard that even humans struggle with them and it often takes multiple attempts to get it right.

[–] nao@sh.itjust.works 4 points 2 weeks ago (1 children)

provide phone number to look at this foss project's website, not too sure about that

[–] Taleya@aussie.zone 5 points 2 weeks ago

Honestly if any site demands my phone number it can get fucked.

[–] jatone@lemmy.dbzer0.com 1 points 2 weeks ago

not really, just tie it with 2fa SMS style and the hurdle is large enough most companies won't bother.

[–] possiblylinux127@lemmy.zip 7 points 2 weeks ago (2 children)

Alternative: require a proof of work calculation.

[–] marauding_gibberish142@lemmy.dbzer0.com 2 points 2 weeks ago (1 children)

This is exactly what we need to do. You'd think that a FOSS WAF exists out there somewhere that can do this

[–] LiveLM@lemmy.zip 3 points 2 weeks ago (2 children)

There is. That screenshot you see in the article is a picture of a brand new one, Anubis

[–] marauding_gibberish142@lemmy.dbzer0.com 3 points 2 weeks ago

Yeah I realised that after posting. I think we need a better one to deal with the cases of letting legitimate users in easier though

[–] possiblylinux127@lemmy.zip 1 points 2 weeks ago

It kind of sucks but it is the best we have for the moment

[–] ulterno@programming.dev 0 points 2 weeks ago

Make them mine a BTC block in the Browser!

^Sorry, I'm low in blood and full of mosquito vomit. That's probably making me think weird stuff.^