this post was submitted on 09 Jan 2025
52 points (93.3% liked)

Selfhosted

53785 readers
351 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
52
Non-Cloudflare AI blocking? (lemmy.sdf.org)
submitted 11 months ago by ctag@lemmy.sdf.org to c/selfhosted@lemmy.world
38 comments fedilink hide all child comments
 

Now that we know AI bots will ignore robots.txt and churn residential IP addresses to scrape websites, does anyone know of a method to block them that doesn't entail handing over your website to Cloudflare?

you are viewing a single comment's thread
view the rest of the comments
[–] drkt@scribe.disroot.org 29 points 11 months ago (2 children)

I am currently watching several malicious crawlers be stuck in a 404 hole I created. Check it out yourself at https://drkt.eu/asdfasd

I respond to all 404s with a 200 and then serve them that page full of juicy bot targets. A lot of bots can't get out of it and I'm hoping that the driveby bots that look for login pages simply mark it (because it responded with 200 instead of 404) so a real human has to go and check and waste their time.

[–] ctag@lemmy.sdf.org 7 points 11 months ago

That's pretty neat. Thanks!

[–] danielquinn@lemmy.ca 7 points 11 months ago (2 children)

This is pretty slick, but doesn't this just mean the bots hammer your server looping forever? How much processing do you do of those forms for example?

[–] drkt@scribe.disroot.org 8 points 11 months ago

doesn’t this just mean the bots hammer your server looping forever?

Yes

How much processing do you do of those forms

None

It costs me nothing to have bots spending bandwidth on me because I'm not on a metered connection and electricity is cheap enough that the tiny overhead of processing their requests might amount to a dollar or two per year.

[–] jagged_circle@feddit.nl 5 points 11 months ago

Best is to redirect them to a 1TB file served by hetzner's cache. There's some nginx configs that do this