Simple bot detection methods that won’t inconvenience users(ctrl.blog)
ctrl.blog
Simple bot detection methods that won’t inconvenience users
https://www.ctrl.blog/entry/detect-non-browser-form-submission.html
2 comments
A large percentage of bots just run chrome now.
If they're generating low quality content then block that shit. If they're brute-forcing logins then add mandatory delays. If they're straining server resources then add rate limiting. If they're bypassing that with multiple IPs and preventing paying customers from accessing resources then bucket your resources according to "paid" and "everyone else."
You're going to track the metrics you care about anyway and start twiddling parameters to temporarily prevent the dumbest bots from causing harm. Instead of figuring out how the current batch of crawlers behaves and trying to engineer human-friendly countermeasures that'll work for a few months for some of your "attackers," is it really that much harder to just engineer your system to throw away garbage it doesn't want regardless of whether the originator is human?