this post was submitted on 30 Mar 2025
4 points (100.0% liked)

Selfhosted

45453 readers
273 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
4
Cheapskate's Guide: Nuking web-scraping bots (cheapskatesguide.org)
submitted 5 days ago by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

Lemmy newb here, not sure if this is right for this /c.

An article I found from someone who hosts their own website and micro-social network, and their experience with web-scraping robots who refuse to respect robots.txt, and how they deal with them.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 5 days ago (3 children)

They block VPN exit nodes. Why bother hosting a web site if you don't want anyone to read your content?

Fuck that noise. My privacy is more important to me than your blog.

[–] [email protected] 1 points 3 days ago

A problem with this approach was that many readers use VPN's and other proxies that change IP addresses virtually every time they use them. For that reason and because I believe in protecting every Internet user's privacy as much as possible, I wanted a way of immediately unblocking visitors to my website without them having to reveal personal information like names and email addresses.

I recently spent a few weeks on a new idea for solving this problem. With some help from two knowledgeable users on Blue Dwarf, I came up with a workable approach two weeks ago. So far, it looks like it works well enough. To summarize this method, when a blocked visitor reaches my custom 403 error page, he is asked whether he would like to be unblocked by having his IP address added to the website's white list. If he follows that hypertext link, he is sent to the robot test page. If he answers the robot test question correctly, his IP address is automatically added to the white list. He doesn't need to enter it or even know what it is. If he fails the test, he is told to click on the back button in his browser and try again. After he has passed the robot test, Nginx is commanded to reload its configuration file (PHP command: shell_exec("sudo nginx -s reload");), which causes it to immediately accept the new whitelist entry, and he is granted immediate access. He is then allowed to visit cheapskatesguide as often as he likes for as long as he continues to use the same IP address. If he switches IP addresses in the future, he has about a one in twenty chance of needing to pass the robot test again each time he switches IP addresses. My hope is that visitors who use proxies will only have to pass the test a few times a year. As the whitelist grows, I suppose that frequency may decrease. Of course, it will reach a non-zero equilibrium point that depends on the churn in the IP addresses being used by commercial web-hosting companies. In a few years, I may have a better idea of where that equilibrium point is.

[–] [email protected] 0 points 5 days ago (1 children)

They block VPN exit nodes. Why bother hosting a web site if you don’t want anyone to read your content?

Fuck that noise. My privacy is more important to me than your blog.

It's a minimalist private blog that sets no 3rd party cookies and loads no 3rd party resources. I presume that alleviates your concerns? 😜

[–] [email protected] 0 points 4 days ago (1 children)

The admin could use a CDN and not worry about it, if it's just static content.

[–] [email protected] 3 points 3 days ago

I believe using a CDN would defeat the author's goal of not being reliant on third-party service providers.

[–] [email protected] 0 points 5 days ago (1 children)

and filtering malicious traffic is more important to me than you visiting my services, so I guess that makes us even :-)

[–] [email protected] 0 points 4 days ago (1 children)

You know how popular VPNs are, right? And how they improve privacy and security for people who is them? And you're blocking anyone who's exercising a basic privacy right?

It's not an ethically sound position.

[–] [email protected] 0 points 4 days ago (1 children)

You had me until the "ethically sound position" part.

You're saying that Joe Blogger is acting unethically because he doesn't allow VPN users to visit his site. C'mon, brother.

[–] [email protected] -1 points 4 days ago (1 children)

You're saying targeting people who are taking steps to improve their privacy and security is ethical? Out do you just believe that there's no such thing as ethics in CIS?

[–] [email protected] 1 points 1 day ago* (last edited 1 day ago)

You're putting words in my mouth. I didn't say that. Targeting sounds like specifically doing it with an agenda.

What you're saying the equivalent of being offended that you can't bring guns inside someone's private property because they don't want to, period. "It is not ethical that you forbid me from exercising my constitutional rights of bearing arms in your house. How dare you not allowing me to put my AK-47 in your kitchen counter!"

Nope. I said that if someone doesn't want to deal with VPN users because it's more hassle than worth (e.g. bots), then so be it. Joe Blogger may get 20 visitors a month instead of 24. Oh the horror!

I am a huge advocate of privacy laws. But if Joe Blogger doesn't allow me in his personal website, eh. I might try archive.org.