Appoxo@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 1 year agoCloudflare plans marketplace to sell permission to scrape websitestechcrunch.comexternal-linkmessage-square14fedilinkarrow-up1159cross-posted to: technology@lemmy.ziptechnology@lemmy.ml
arrow-up1159external-linkCloudflare plans marketplace to sell permission to scrape websitestechcrunch.comAppoxo@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 1 year agomessage-square14fedilinkcross-posted to: technology@lemmy.ziptechnology@lemmy.ml
minus-squareumami_wasabi@lemmy.mllinkfedilinkEnglisharrow-up19·1 year agoHow can I do this without Cloudflare?
minus-squareRikudou_Sage@lemmings.worldlinkfedilinkEnglisharrow-up22·1 year agoPut a page on your website saying that scrapping your website costs [insert amount] and block the bots otherwise.
minus-squaregravitas_deficiency@sh.itjust.workslinkfedilinkEnglisharrow-up15·1 year agoThe hard part is reliably detecting the bots
minus-squaremelroy@kbin.melroy.orglinkfedilinkarrow-up5·1 year agoAlso you don’t want to block legit search engines that are not scraping your data for AI.
minus-squaregravitas_deficiency@sh.itjust.workslinkfedilinkEnglisharrow-up7·1 year agoAgain: hard to differentiate all those different bots, because you have to trust that they are what they say they are, and they often are not
minus-squaremelroy@kbin.melroy.orglinkfedilinkarrow-up5·1 year agoInstead of blocking bots on user agent… I’m blocking full IP ranges: https://gitlab.melroy.org/-/snippets/619
minus-squarevinnymac@lemmy.worldlinkfedilinkEnglisharrow-up4·edit-21 year agoIt certainly can be a cat and mouse game, but scraping at scale tends to be ahead of the curve of the security teams. Some examples: https://brightdata.com/ https://oxylabs.io/ Preventing access by requiring an account, with strict access rules can curb the vast majority of scraping, then your only bad actors are the rich venture capitalists.
How can I do this without Cloudflare?
Put a page on your website saying that scrapping your website costs [insert amount] and block the bots otherwise.
The hard part is reliably detecting the bots
Also you don’t want to block legit search engines that are not scraping your data for AI.
Again: hard to differentiate all those different bots, because you have to trust that they are what they say they are, and they often are not
Instead of blocking bots on user agent… I’m blocking full IP ranges: https://gitlab.melroy.org/-/snippets/619
It certainly can be a cat and mouse game, but scraping at scale tends to be ahead of the curve of the security teams. Some examples:
https://brightdata.com/
https://oxylabs.io/
Preventing access by requiring an account, with strict access rules can curb the vast majority of scraping, then your only bad actors are the rich venture capitalists.