31
Have clankers visited my blog one hundred twenty-one sexagintillion eight hundred ten novemquinquagintillion times so far in November?? (lemmy.ml)
submitted 3 weeks ago* (last edited 3 weeks ago) by benagain@lemmy.ml to c/selfhosted@lemmy.world
45 comments fedilink hide all child comments

Got a warning for my blog going over 100GB in bandwidth this month... which sounded incredibly unusual. My blog is text and a couple images and I haven't posted anything to it in ages... like how would that even be possible?

Turns out it's possible when you have crawlers going apeshit on your server. Am I even reading this right? 12,181 with 181 zeros at the end for 'Unknown robot'? This is actually bonkers.

Edit: As Thunraz points out below, there's a footnote that reads "Numbers after + are successful hits on 'robots.txt' files" and not scientific notation.

Edit 2: After doing more digging, the culprit is a post where I shared a few wallpapers for download. The bots have been downloading these wallpapers over and over, using 100GB of bandwidth usage in the first 12 days of November. That's when my account was suspended for exceeding bandwidth (it's an artificial limit I put on there awhile back and forgot about...) that's also why the 'last visit' for all the bots is November 12th.

top 45 comments
sorted by: hot top controversial new old
[-] slazer2au@lemmy.world 9 points 3 weeks ago

AI scrapers are the new internet DDoS.

Might want to throw something Infront of your blog to ward them off like Anubis or a Tarpit.

[-] Eyekaytee@aussie.zone 3 points 3 weeks ago* (last edited 3 weeks ago)

the one with the quadrillion hits is this bad boy: https://www.babbar.tech/crawler

Babbar.tech is operating a crawler service named Barkrowler which fuels and update our graph representation of the world wide web. This database and all the metrics we compute with are used to provide a set of online marketing and referencing tools for the SEO community.

[-] porcoesphino@mander.xyz 3 points 3 weeks ago

we?

[-] Jessica@discuss.tchncs.de 2 points 3 weeks ago

It's a quote from the website

[-] Vorpal@programming.dev 4 points 3 weeks ago

It is common custom to indicate quotes, with either "quotes" or for a longer quote a

block quote

The latter can be done by prefixing the line with a > here on lemmy (uses the common markdown syntax).

Doing either of this help avoid ambiguity.

[-] Jessica@discuss.tchncs.de 1 points 3 weeks ago

You replied to the wrong person. I already know this, but clearly the person who posted the quote doesn't ;)

[-] hoshikarakitaridia@lemmy.world 8 points 3 weeks ago

Fucking hell.

Yeah and that's why people are using cloudflare so much.

[-] artyom@piefed.social 9 points 3 weeks ago

One corporation DDOS's your server to death so that you need the other corporations' protection.

[-] MaggiWuerze@feddit.org 6 points 3 weeks ago

basically protection racket

[-] muffedtrims@lemmy.world 2 points 3 weeks ago

That's a nice website you gots there, would be ashame if something weres to happen to it.

[-] Agent641@lemmy.world 3 points 3 weeks ago

We accidentally the whole config file

[-] Lee@retrolemmy.com 6 points 3 weeks ago

A friend (works in IT, but asks me about server related things) of a friend (not in tech at all) has an incredibility low traffic niche forum. It was running really slow (on shared hosting) due to bots. The forum software counts unique visitors per 15 mins and it was about 15k/15 mins for over a week. I told him to add Cloudflare. It dropped to about 6k/15 mins. We excitemented turning Cloudflare off/on and it was pretty consistent. So then I put Anubis on a server I have and they pointed the domain to my server. Traffic drops to less than 10/15 mins. I've been experimenting with toggling on/off Anubis/Cloudflare for a couple months now with this forum. I have no idea how the bots haven't scrapped all of the content by now.

TLDR: in my single isolated test, Cloudflare blocks 60% of crawlers. Anubis blocks presumably all of them.

Also if anyone active on Lemmy runs a low traffic personal site and doesn't know how or can't run Anubis (eg shared hosting), I have plenty of excess resources I can run Anubis for you off one of my servers (in a data center) at no charge (probably should have some language about it not being perpetual, I have the right to terminate without cause for any reason and without notice, no SLA, etc). Be aware that it does mean HTTPS is terminated at my Anubis instance, so I could log/monitor your traffic if I wanted as well, so that's a risk you should be aware of.

[-] MinFapper@startrek.website 3 points 3 weeks ago

It's interesting that anubis has worked so well for you in practice.

What do you think of this guy's take?

https://lock.cmpxchg8b.com/anubis.html

[-] dual_sport_dork@lemmy.world 7 points 3 weeks ago

I run an ecommerce site and lately they've latched onto one very specific product with attempts to hammer its page and any of those branching from it for no readily identifiable reason, at the rate of several hundred times every second. I found out pretty quickly, because suddenly our view stats for that page in particular rocketed into the millions.

I had to insert a little script to IP ban these fuckers, which kicks in if I see a malformed user agent string or if you try to hit this page specifically more than 100 times. Through this I discovered that the requests are coming from hundreds of thousands of individual random IP addresses, many of which are located in Singapore, Brazil, and India, and mostly resolve down into those owned by local ISPs and cell phone carriers.

Of course they ignore your robots.txt as well. This smells like some kind of botnet thing to me.

[-] panda_abyss@lemmy.ca 2 points 3 weeks ago

I don’t really get those bots.

Like, there are bots that are trying to scrape product info, or prices, or scan for quantity fields. But why the hell do some of these bots behave the way they do?

Do you use Shopify by chance? With Shopify the bots could be scraping the product.json endpoint unless it’s disabled in your theme. Shopify just seems to show the updated at timestamp from the db in their headers+product data, so inventory quantity changes actually result in a timestamp change that can be used to estimate your sales.

There are companies that do that and sell sales numbers to competitors.

No idea why they have inventory info on their products table, it’s probably a performance optimization.

I haven’t really done much scraping work in a while, not since before these new stupid scrapers started proliferating.

[-] dual_sport_dork@lemmy.world 2 points 3 weeks ago

Negative. Our solution is completely home grown. All artisinal-like, from scratch. I can't imagine I reveal anything anyone would care about much except product specs, and our inventory and pricing really doesn't change very frequently.

Even so, you think someone bothering to run a botnet to hound our site would distribute page loads across all of our products, right? Not just one. It's nonsensical.

[-] panda_abyss@lemmy.ca 1 points 3 weeks ago

Yeah, that’s the kind of weird shit I don’t understand. Someone on the other hand is paying for servers and a residential proxy to send that traffic too. Why?

[-] Nighed@feddit.uk 0 points 3 weeks ago

Can you just move that product to a new URL? What happens?

[-] dual_sport_dork@lemmy.world 2 points 3 weeks ago

It doesn't quite work that way, since the URL is also the model number/SKU which comes from the manufacturer. I suppose I could write an alias for just that product but it would become rather confusing.

What I did experiment with was temporarily deleting the product altogether for a day or two. (We barely ever sell it. Maybe 1 or 2 units of it a year. This is no great loss in the name of science.) This causes our page to return a 404 when you try to request it. The bots blithely ignored this, and continued attempting to hammer that nonexistent page all the same. Puzzling.

[-] lka1988@lemmy.dbzer0.com 0 points 3 weeks ago

Could it be a competitor for that particular product? Hired some foreign entity to hit anything related to their own product?

[-] dual_sport_dork@lemmy.world 1 points 3 weeks ago

Maybe, but I also carry literally hundreds of other products from that same brand including several that are basically identical with trivial differences, and they're only picking on that one particular SKU.

[-] porcoesphino@mander.xyz 1 points 3 weeks ago* (last edited 3 weeks ago)

Have you ever tried writing a scrapper? I have for offline reference material. You'll make a mistake like that a few times and know but there are sure to be other times you don't notice. I usually only want a relatively small site (say a Khan Academy lesson which doesn't save text offline, just videos) and put in a large delay between requests but I'll still come back after thinking I have it down and it's thrashed something

[-] carrylex@lemmy.world 4 points 3 weeks ago* (last edited 3 weeks ago)
  1. Get a blocklist
  2. Enable rate limits
  3. Get a proper robots.txt
  4. ~~Profit~~ Silence
[-] Cort@lemmy.world 4 points 3 weeks ago

Can you just turn the robots.txt into a click wrap agreement to charge robots high fees for access above a certain threshold?

[-] carrylex@lemmy.world 1 points 3 weeks ago

why do a agreement when you can serve a zip bomb :D

[-] BurnedDonutHole@ani.social 3 points 3 weeks ago

You can also use crowdsec on your server to stop similar BS. They use a community based blacklist. You choose what you want to block. Check it out.

https://github.com/crowdsecurity/crowdsec

[-] jjlinux@lemmy.zip 0 points 3 weeks ago

I'm going to try and implement crowdsec for all my ProxMox containers over Cloudflare tunnels. Wish me luck and that my wife and kids let me do this without constantly making shot up fore to do.

[-] BurnedDonutHole@ani.social 0 points 3 weeks ago

Good luck and if you need help drop by their discord. They have an active community.

https://discord.gg/crowdsec

[-] jjlinux@lemmy.zip 1 points 3 weeks ago

Can they help me keep my wife and kids at bay too? That's what I need the most help with 😂

[-] BurnedDonutHole@ani.social 1 points 2 weeks ago

I don't think asking help about domestic issues on the Internet is healthy... However, who knows maybe they can ( ͡~ ͜ʖ ͡°)

[-] Thunraz@feddit.org 3 points 3 weeks ago

It's 12181 hits and the number behind the plus sign are robots.txt hits. See the footnote at the bottom of your screenshot.

[-] benagain@lemmy.ml 1 points 3 weeks ago

Phew, so I'm a dumbass and not reading it right. I wonder how they've managed to use 3MB per visit?

[-] arandomthought@sh.itjust.works 1 points 3 weeks ago

The robots are a problem, but luckily we're not into the hepamegaquintogilarillions... Yet.

[-] benagain@lemmy.ml 1 points 3 weeks ago* (last edited 3 weeks ago)

12,000 visits, with 181 of those to the robots.txt file makes way, way more sense. The 'Not viewed traffic' adds up to 136,957 too - so I should have figured it out sooner.

I couldn't wrap my head around how large the number was and how many visits that would actually entail to reach that number in 25 days. Turns out that would be roughly 5.64 quinquinquagintillion visits per nanosecond. Call it a hunch, but I suspect my server might not handle that.

[-] scrubbles@poptalk.scrubbles.tech 2 points 3 weeks ago

Check out Anubis. If you have a reverse proxy it is very easy to add, and for the bots stopped spamming after I added it to mine

[-] K3can@lemmy.radio 2 points 3 weeks ago

I recently added Anubis and its validation rate is under 40%. In other words, 60% of the incoming requests are likely bots and are now getting blocked. Definitely recommend.

[-] scrubbles@poptalk.scrubbles.tech 2 points 3 weeks ago

I was a single server with only me and 2 others or so, and then saw that I had thousands of requests per minutes at times! Absolutely nuts! My cloud bill was way higher. Adding anubis and it dropped down to just our requests, and bills dropped too. Very very strong proponent now.

[-] MinFapper@startrek.website 0 points 3 weeks ago

It's interesting that anubis has worked so well for you in practice.

What do you think of this guy's take?

https://lock.cmpxchg8b.com/anubis.html

[-] scrubbles@poptalk.scrubbles.tech 3 points 3 weeks ago

This dance to get access is just a minor annoyance for me, but I question how it proves I’m not a bot. These steps can be trivially and cheaply automated.

I don't think the author understands the point of Anubis. The point isn't to block bots completely from your site, bots can still get in. The point is to put up a problem at the door to the site. This problem, as the author states, is relatively trivial for the average device to solve, it's meant to be solved by a phone or any consumer device.

The actual protection mechanism is scale, the scale of this solving solution is costly. Bot farms aren't one single host or machine, they're thousands, tens of thousands of VMs running in clusters constantly trying to scrape sites. So to them, a calculating something that trivial is simple once, very very costly at scale. Say calculating the hash once takes about 5 seconds. Easy for a phone. Let's say that's 1000 scrapes of your site, that's now 5000 seconds to scrape, roughly an hour and a half. Now we're talking about real dollars and cents lost. Scraping does have a cost, and having worked at a company that does professionally scrape content they know this. Most companies will back off after trying to load a page that takes too long, or is too intensive - and that is why we see the dropoff in bot attacks. It's that it's not worth it for them to scrape the site anymore.

So for Anubis they're "judging your value" by saying "Are you willing to put your money where your mouth is to access this site?" For consumer it's a fraction of a fraction of a penny in electricity spent for that one page load, barely noticeable. For large bot farms it's real dollars wasted on my little lemmy instance/blog, and thankfully they've stopped caring.

[-] ohshit604@sh.itjust.works 1 points 3 weeks ago

I just geo-restrict my server to my country, certain services I’ll run an ip-blacklist and only whitelist the known few networks.

Works okay I suppose, kills the need for a WAF, haven’t had any issues with it.

[-] Vorpal@programming.dev 1 points 3 weeks ago

What is that log analysis tool you are using in the picture? Looks pretty neat.

[-] Eyekaytee@aussie.zone 1 points 3 weeks ago

does your blog have a blackhole in it somewhere you forgot about 😄

[-] hdsrob@lemmy.world 1 points 3 weeks ago

Had the same thing happen on one of my servers. Got up one day a few weeks ago and the server was suspended (luckily the hosting provider unsuspended it for me quickly).

It's mostly business sites, but we do have an old personal blog on there with a lot of travel pictures on it, and 4 or 5 AI bots were just pounding it. Went from 300GB per month average to 5TB on August, and 10/11 TB in September and October.

[-] irmadlad@lemmy.world 1 points 3 weeks ago

Unknown Robot is your biggest fan.

[-] Bazell@lemmy.zip 1 points 3 weeks ago

Looks for me like actions of AI agents.

this post was submitted on 26 Nov 2025
31 points (91.9% liked)

Selfhosted

53743 readers
125 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz