2024: Zum ersten Mal mehr Internet-Bots als Menschen. 37 % davon „Bad Bots“. Sie klauen Daten, manipulieren Preise, täuschen Klicks – und füttern das Netz mit KI-Schrott. Jörg Schieb warnt: Wir surfen durch eine Bot-Fata Morgana und nennen es Social Media. #BadBot #KI #SocialMedia https://www.schieb.de/stirbt-social-media-oder-ertrinkt-es-in-ki-muell
#badbot
When protecting a set of small static websites against the onslaught of AI crawler bots, something like Anubis is a lot of effort to install.
So, I knocked up something that might help against the dumber bots, coded entirely inside nginx config so there's no other moving parts to install.
I've done some isolated testing but haven't installed it in anger yet - but I might add it to e.g. my blog and #Faircamp sites.
https://evilgeniusrobot.uk/posts/a-simple-bot-gatekeeper-for-nginx.html
Grok Is Spewing Antisemitic Garbage on X
https://fed.brid.gy/r/https://www.wired.com/story/grok-antisemitic-posts-x-xai/
You are making a mess of things! A multitude of access Logs are now over tenfold of what they were a week ago!
I have upgraded our #abuse detection system accordingly and placed #GPTBot in the penalty box.
This results in a better abuse detection in general. For that I thank you. It also results in #IPblocks of already a dozen of your abusing IPs.
I can see the load diminishing on the server now..
2/2
Using Simple Passwords To Block AI & Bots?
====================================
Had a chat with a friend, about how to keep blog posts away from bots and mainly AI.
I have no idea if the "solution" we came up with would work:
I use wordpress.com, the free version for my notes. That service has the option to password protect individual pages/blog posts.
The point is not to have a complicated password, since I suspect entering "apple orange" in the password field is as hard as if it was "%Ux79+/Wlq" for any kind of bot.
Also, the password _would be prominently on display_ on the main page and the same for all pages on the site. The point is not to block out people from the pages but bots.
For ease, I would use a javascript button to copy the password in addition [1].
Now, the question is
---------------------------------
Since I'm not a programmer, just a dabbler, sort of. Would this work, or is there a great gap in my reasoning, that I have missed?
Thankful for all replies to the question.
[1]: Using this function: https://www.w3schools.com/howto/howto_js_copy_clipboard.asp
I haven't checked yet if pasting in javascript is allowed in the freebie wordpress.com though.
L'effrayante théorie de l'internet mort par Try
Ahhh. Recently one of my work sites was found by an aggressive Brazilian scraping bot (possibly ai scanning). So @cadey to the rescue with Anubis (https://anubis.techaro.lol)! ❤️
Lista użytkowników Wordpress dostępna przez API ( https://nfsec.pl/pentest/6215 ) #wordpress #user #enumeration #badbot #twittermigration
🔒 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗻𝗴 𝗬𝗼𝘂𝗿 𝗪𝗲𝗯 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀 𝗳𝗿𝗼𝗺 𝗨𝗻𝗲𝘁𝗵𝗶𝗰𝗮𝗹 𝗕𝗼𝘁 𝗔𝗰𝘁𝗶𝘃𝗶𝘁𝗶𝗲𝘀 🔒
The continuous integration of bots to simulate human engagement, especially for unethical activities in web applications, poses security risks and diverts engagement with web resources. With the emergence of new AI projects and Large Language Models (LLMs), vulnerabilities such as prompt injections, data leakage, training data poisoning, and unauthorized code execution have become more prevalent.
To mitigate these risks, it is crucial to grant appropriate access to bots on your websites. Microsoft Bot Manager Ruleset, in combination with a Web Application Firewall, offers effective measures to reduce illegitimate non-human access. These measures include verified labels, static analysis (rate limiting), and behavioral analysis.
Find out more details: https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-web-application-firewall-bot-manager-scenarios/ba-p/3855731
#microsoft #security #ai #bot #waf #webapplicationfirewall #bot #llm #seo #azure #azuresecurity #microsoftsecurity #soc #siem #soar #badbot #goodbot #applicationsecurity #azurenetworking #networksecurity #behavioralanalysis
Je viens de tester cette "extension" de blocage des bad bots pour Apache 2.4 :
https://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker/tree/master/Apache_2.4
Et ça fonctionne bien :
$ curl -A "Photon" https://pasqualeberesti.fr
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.54 (Raspbian) Server at pasqualeberesti.fr Port 443</address>
</body></html>
@quickquotes #FakeBuddhaQuote #BadBot
https://fakebuddhaquotes.com/always-be-mindful-of-the-kindness-and-not-the-faults-of-others/
Ever wonder if a quote attributed to the Buddha was fake? Check out @bodhipaksa great website https://fakebuddhaquotes.com
Of course the quote I'm replying to is not against the Buddha's teachings. However when we have so many actual words of the Buddha, it's sad that people feel compelled to make them up.
TL;DR Un curioso esperimenti amatoriale ha evidenziato come un nuovo #host esposto in rete, dopo neanche 79 secondi, viene subito intercettato da #badbot, alla ricerca di #vulnerabilità da sfruttare. E di come i certificati #SSL ne siano “complici” inconsapevoli.
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel - Overall bot activity on the web has soared, with a 26 percent growth rate -- attacks on applicatio... more: https://threatpost.com/threatlist-bots-spike-e-commerce-and-travel/155302/ #mostrecentthreatlists #detectionevasion #trafficanalysis #webapplications #sophistication #topverticals #websecurity #e-commerce #threatlist #thereport #analysis #research #attacks #radware #badbot #growth #bots
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst