This was interesting: how the “AI” theftbots (yes, I’m coining that word) affected Autocade’s traffic. We had blocked a bunch of them already—notably the western ones and ByteDance—but there were many others that still got through. This is from Cloudflare, but even their default settings miss a bunch, especially Chinese ones, and they don’t detect Google and Tencent users who are running their own private theftbots. Cloudflare’s bot fight mode, meanwhile, is too heavy-handed and we saw it block legitimate IPs that I’m sure we had whitelisted. Like so many things, you can’t fight machines using just machines: you need a human element in there.
You can see where we started getting a handle on the extra bots, notably the dozens of Tencent addresses hitting us thousands of times a day. Also note the cache patterns: if the cached percentage is running so low, something is wrong. The theftbots were trying different parts of the site that hadn’t been cached—indeed, they may have been web app attackers searching for vulnerabilities—so there wasn’t anything in the cache to serve. Toward the end of September, the percentage starts rising because humans were requesting familiar content.
The damage that “AI” is mounting on everyday businesses is huge, not to mention its environmental effects. Autocade isn’t even our most trafficked (by humans) website and those businesses that don’t have security measures in place could find their traffic goes through the roof.
Can’t these people stay with the data they have already illegally obtained? No wonder the bubble remains: they have to keep going to keep up appearances because they are too heavily invested, like a gambler whose lucky streak ended a while ago. We’re going to see the theftbots run for a while yet—no one can pinpoint when it all goes to custard—but we should be ready when they’re no longer the flavour of the month.
You may also like
