this post was submitted on 14 Feb 2024
1070 points (98.5% liked)

Technology

58303 readers
8 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 238 points 9 months ago (6 children)

Put something in robots.txt that isn't supposed to be hit and is hard to hit by non-robots. Log and ban all IPs that hit it.

Imperfect, but can't think of a better solution.

[–] [email protected] 127 points 9 months ago* (last edited 9 months ago) (4 children)

Good old honeytrap. I'm not sure, but I think that it's doable.

Have a honeytrap page somewhere in your website. Make sure that legit users won't access it. Disallow crawling the honeytrap page through robots.txt.

Then if some crawler still accesses it, you could record+ban it as you said... or you could be even nastier and let it do so. Fill the honeytrap page with poison - nonsensical text that would look like something that humans would write.

[–] [email protected] 59 points 9 months ago (1 children)

I think I used to do something similar with email spam traps. Not sure if it's still around but basically you could help build NaCL lists by posting an email address on your website somewhere that was visible in the source code but not visible to normal users, like in a div that was way on the left side of the screen.

Anyway, spammers that do regular expression searches for email addresses would email it and get their IPs added to naughty lists.

I'd love to see something similar with robots.

[–] [email protected] 32 points 9 months ago* (last edited 9 months ago) (1 children)

Yup, it's the same approach as email spam traps. Except the naughty list, but... holy fuck a shareable bot IP list is an amazing addition, it would increase the damage to those web crawling businesses.

[–] [email protected] 12 points 9 months ago (1 children)

but with all of the cloud resources now, you can switch through IP addresses without any trouble. hell, you could just browse by IP6 and not even worry with how cheap those are!

[–] [email protected] 12 points 9 months ago (1 children)

Yeah, that throws a monkey wrench into the idea. That's a shame, because "either respect robots.txt or you're denied access to a lot of websites!" is appealing.

[–] [email protected] -4 points 9 months ago

That's when Google's browser DRM thing starts sounding like a good idea 😭

[–] [email protected] 11 points 9 months ago

Even better. Build a WordPress plugin to do this.

[–] [email protected] 9 points 9 months ago

I’m the idiot human that digs through robots.txt and the site map to see things that aren’t normally accessible by an end user.

[–] [email protected] 21 points 9 months ago

"Help, my website no longer shows up in Google!"

[–] [email protected] 16 points 9 months ago (2 children)

Yeah, this is a pretty classic honeypot method. Basically make something available but inaccessible to the normal user. Then you know anyone who accesses it is not a normal user.

I’ve even seen this done with Steam achievements before; There was a hidden game achievement which was only available via hacking. So anyone who used hacks immediately outed themselves with a rare achievement that was visible on their profile.

[–] [email protected] 13 points 9 months ago (1 children)

That’s a bit annoying as it means you can’t 100% the game as there will always be one achievement you can’t get.

[–] [email protected] 3 points 9 months ago

perhaps not every game is meant to be 100% completed

[–] [email protected] 4 points 9 months ago

There are tools that just flag you as having gotten an achievement on Steam, you don't even have to have the game open to do it. I'd hardly call that 'hacking'.

[–] [email protected] 6 points 9 months ago* (last edited 9 months ago) (1 children)

Better yet, point the crawler to a massive text file of almost but not quite grammatically correct garbage to poison the model. Something it will recognize as language and internalize, but severely degrade the quality of its output.

[–] [email protected] 3 points 9 months ago

Maybe one of the lorem ipsum generators could help.

[–] nullPointer 4 points 9 months ago

a bad-bot .htaccess trap.