by jcat123 on 10/31/24, 6:09 PM with 43 comments
by mmastrac on 10/31/24, 6:29 PM
Agents that trigger the first level of rate-limiting go through a "tarpit" that holds their connection for a bit before serving it which seems to keep most of the bad actors in check. It's impossible to block them via robots.txt, and I'm trying to avoid using too big of a hammer on my CloudFlare settings.
EDIT: checking the logs, it seems that the only bot getting tarpitted right now is OpenAI, and they _do_ have a GPTBot signature:
2024-10-31T02:30:23.312139Z WARN progscrape::web: User hit soft rate limit: ratelimit=soft ip="20.171.206.77" browser=Some("Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)") method=GET uri=/?search=science.org
by jhpacker on 10/31/24, 6:26 PM
Not to say it isn't an issue, but that Forture article they reference is pretty alarmist and thin on detail.
by neilv on 10/31/24, 6:54 PM
As someone who's built multiple (respectful) Web crawlers, for academic research and for respectable commerce, I'm wondering whether abusers are going to make it harder for legitimate crawlers to operate.
by wtf242 on 10/31/24, 6:31 PM
I now block all ai crawlers at the cloudflare WAF level. On Monday I noticed a HUGE spike in traffic and my site was not handling it well. After a lot of troubleshooting and log parsing, I was getting millions of requests from China that were getting past cloudflare's bot protection.
I ended up having to force a CF managed challenge for the entire country of China to get my site back in a normal working state.
In the past 24 hours CF has blocked 1.66M bot requests. Good luck running a site without using CloudFlare or something similar.
AI crawlers are just out of control
by PittleyDunkin on 10/31/24, 6:20 PM
by odc on 10/31/24, 8:30 PM
by sghiassy on 10/31/24, 6:24 PM
by yazzku on 10/31/24, 6:22 PM