What steps can be taken to prevent AI training and scraping of my public facing website?

kiol@discuss.online · 19 hours ago

What steps can be taken to prevent AI training and scraping of my public facing website?

brewery@feddit.uk · 4 hours ago

Another option to reduce (but not eliminate) this traffic is a country limit. In cloudflare you can set a manual security rule to do this. There are self hosted options too but harder to setup. It depends what country you are and where your users are based. My website is a business one so I only allow my own country (and if on holiday I might open that country if I need to check it’s working, although usually I just use a paid vpn back to my country so no need). You can also block specific countries. So many of my blocked requests are from USA, China, Russia etc

lambalicious@lemmy.sdf.org · 14 hours ago

0.- Take it out of the public.

potatopotato@sh.itjust.works · 18 hours ago

Currently Anubis seems to be the standard for slowing down scrapers

https://github.com/TecharoHQ/anubis

There are also various poison and tarpit systems which will serve scrapers infinite garbage text or data designed to aggressively corrupt the models they’re training. Basically you can be as aggressive as you want. Your site will get scraped and incorporated into someone’s model at the end of the day, but you can show them down and make it hurt.

David J. Atkinson@c.im · 17 hours ago

@potatopotato @selfhosted Black Ice exists. Software is hand-to-hand combat. The most #cyberpunk sentence I’ve read today:

“There are also various poison and tarpit systems which will serve scrapers infinite garbage text or data designed to aggressively corrupt the models they’re training. “

TrippyHippyDan@lemmy.world · 16 hours ago

You can always go the Tarpit route as well https://zadzmo.org/code/nepenthes/

Auth@lemmy.world · 18 hours ago

You could put your website behind a cloudflare anti bot check. But realistically, your website is public facing and these bots are scraping the public web. They will eventually get the data from your website.

talkingpumpkin@lemmy.world · 18 hours ago

https://github.com/TecharoHQ/anubis

Nephalis@discuss.tchncs.de · 16 hours ago

Isn’t fail2ban a possibility too? I created a filter for chatgpt and some others, and it feels like its working. My radicale server is my only free acessable service but it comes with a small webgui and so the bots showed up. I have no clue if the bot gets a fraction of your site each time it shows up, but seemingly the ban happens within 300ms when I remember correct. So it wouldn’t be that much of information…

When setting the retry to 1 it will ban at the first sight.

JustTesting@lemmy.hogru.ch · 5 hours ago

A big issue is that this works for bots that announce themselves as such, but there’s lots that pretend to be regular users, with fake user agents and ips selected from a random pool with each ip only sending like 1-3 request/day, but overall many thousands of requests. In my experience a lot of them are from huawei and tencent cloud/ASN

Nephalis@discuss.tchncs.de · 1 hour ago

Yes, if that is true (and I am not that suprised about it) it is nearly impossible to block them this way.

irmadlad@lemmy.world · 16 hours ago

I’m wondering if you could run CrowdSec on the server and manually block the offenders if they are not already in the community blocklists.

SmokeyDope@piefed.social · 16 hours ago

Anubis is your friend

potatopotato@sh.itjust.works · edit-2 18 hours ago

deleted by creator