Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://lonely.town/users/ayo/statuses/113870941131204265">Ayo (ayo@lonely.town)'s status on Wednesday, 22-Jan-2025 17:37:37 JST</a><a href="https://lonely.town/@ayo" title="ayo@lonely.town"><img src="https://gnusocial.jp/avatar/6046-48-20220817151227.webp" width="48" height="48" alt="Ayo" style="position: absolute; left: 0; top: 0;">Ayo</a><div><a href="https://social.kernel.org/objects/bdf17cad-d432-428a-8391-f8bcf8052be1" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/115010" title="corbet@social.kernel.org">Jonathan Corbet</a></li><li><a href="https://gnusocial.jp/user/301528" title="johnefrancis@cosocial.ca">John Francis 🦫🇨🇦🍁💪⬆️</a></li></ul></div></section><article><p><a href="https://social.kernel.org/users/corbet">@corbet</a> <a href="https://cosocial.ca/@johnefrancis">@johnefrancis</a> <a href="https://fosstodon.org/@LWN">@LWN</a><br>Struggling with likely the same bots over here. I deployed a similar tarpit* on a large-ish site a few days ago - taking care not to trap the good bots - but can't say it's been very successful. It might have taken some load off of the main site, but not nearly enough to make a difference.</p><p>One more thing I'm considering is prefixing all internal links with a '/botcheck/' path for potentially suspicious visitors, set a cookie on that page and strip that prefix with JS. If the cookie is set on the /botcheck/ endpoint, redirect to the proper page, otherwise tarpit them. This way the site would still work as long as the user has *either* JS or cookies enabled. Still not perfect, but slightly less invasive than most common active defenses.</p><p>*) <a href="https://code.blicky.net/yorhel/infinite-slop" rel="nofollow noreferrer">https://code.blicky.net/yorhel/infinite-slop</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4420046#notice-8653325">In conversation</a><time datetime="2025-01-22T17:37:37+09:00" title="Wednesday, 22-Jan-2025 17:37:37 JST">about 4 months ago</time> <span>from <span><a href="https://lonely.town/@ayo/113870941131204265" rel="external" title="Sent from lonely.town via ActivityPub">lonely.town</a></span></span><a href="https://lonely.town/@ayo/113870941131204265">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: code.blicky.net</div><h5><a href="https://code.blicky.net/yorhel/infinite-slop">infinite-slop</a></h5><div> from <span>yorhel</span></div></header><div>Random garbage web page generator</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Ayo (ayo@lonely.town)'s status on Wednesday, 22-Jan-2025 17:37:37 JSTAyo
in reply to
@corbet @johnefrancis @LWN
Struggling with likely the same bots over here. I deployed a similar tarpit* on a large-ish site a few days ago - taking care not to trap the good bots - but can't say it's been very successful. It might have taken some load off of the main site, but not nearly enough to make a difference.
One more thing I'm considering is prefixing all internal links with a '/botcheck/' path for potentially suspicious visitors, set a cookie on that page and strip that prefix with JS. If the cookie is set on the /botcheck/ endpoint, redirect to the proper page, otherwise tarpit them. This way the site would still work as long as the user has *either* JS or cookies enabled. Still not perfect, but slightly less invasive than most common active defenses.
*) https://code.blicky.net/yorhel/infinite-slop
In conversationabout 4 months ago from lonely.townpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: code.blicky.net
  infinite-slop
  from yorhel
  Random garbage web page generator

Public

Embed Notice

HTML Code

Corresponding Notice