Selfhosted

42834 readers

836 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

HybridSarcasm@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Advice on how to deal with AI bots/scrapers? (lemmy.librebun.com)

submitted 1 day ago by sailorzoop@lemmy.librebun.com to c/selfhosted@lemmy.world

43 comments fedilink hide all child comments

Long story short, my VPS, which I'm forwarding my servers through Tailscale to, got hammered by thousands of requests per minute from Anthropic's Claude AI. All of which being from different AWS IPs.

The VPS has a 1TB monthly cap, but it's still kinda shitty to have huge spikes like the 13GB in just a couple of minutes today.

How do you deal with something like this?
I'm only really running a caddy reverse proxy on the VPS which forwards my home server's services through Tailscale. "

I'd really like to avoid solutions like Cloudflare, since they f over CGNAT users very frequently and all that. Don't think a WAF would help with this at all(?), but rate limiting on the reverse proxy might work.

(VPS has fail2ban and I'm using /etc/hosts.deny for manual blocking. There's a WIP website on my root domain with robots.txt that should be denying AWS bots as well...)

I'm still learning and would really appreciate any suggestions.

you are viewing a single comment's thread
view the rest of the comments

[–] breadsmasher@lemmy.world 21 points 1 day ago (7 children)

Im struggling to find it, but theres like an “AI tarpit” that causes scrapers to get stuck. something like that? Im sure I saw it posted on lemmy recently. hopefully someone can link it

[–] sailorzoop@lemmy.librebun.com 14 points 1 day ago (3 children)

I did find this github link as the first search result, looks interesting, thanks for letting me know the term "tar pit".

[–] doodledup@lemmy.world 1 points 2 hours ago

I don't quiet understand how this is deployed. Hosting this behind a dedicated subdomain or path kind of defeats the purpose as the bots are still able to access the actual website no problem.

[–] _cryptagion@lemmy.dbzer0.com 1 points 2 hours ago

If you’re looking to stop them from wasting your traffic, do not use a tarpit. The whole point of it is that it makes the scraper get stuck on your server forever. That means you pay for the traffic the scraper uses, and it will continually rack up those charges until the people running it wise up and ban your server. The question you gotta ask yourself is, who has more money, you or the massive AI corp?

Tarpits are the dumbest bit of anti-AI tech to come out yet.

[–] quantenzitrone@lemmings.world 11 points 22 hours ago (1 children)

there is also https://forge.hackers.town/hackers.town/nepenthes

[–] N0x0n@lemmy.ml 7 points 16 hours ago* (last edited 12 hours ago)

Now I just want to host a web page and expose it with nepenthes...

First, because I'm a big fan of carnivorous plants.

Second, because it let's you poison LLMs, AI and fuck with their data.

Lastly, because I can do my part and say F#CK Y0U to those privacy data hungry a$$holes !

I don't even expose anything directly to the web (always accessible through a tunnel like wireguard) or have any important data to protect from AI or LLMs. But just giving the opportunity to fuck with them while they continuously harvest data from everyone is something I was already thinking off but didn't knew how.

Thanks for the link !

load more comments (3 replies)