Ask HN: How do you guys stop scrapers from mirroring your site?
I'm about to put a ton of really useful, unique and valuable (in the CPC and usefulness sense) content online. Scrapers are very quickly going to want it all. How do you guys protect your content? [keeping in mind that suing someone offshore is difficult]
My current approach is going to be to limit all non-USA crawlers and crawlers that don't identify themselves as Google, Bing or someone else I care about. I'm planning on using nginx.conf and the maxmind country database to do this.
By limit I mean limiting each IP to viewing a maximum of 50 to 100 unique documents per day.
Any suggestions would be much appreciated.
28 comments
[ 3.0 ms ] story [ 40.8 ms ] threadIf the content is only accessible after you fill out a CAPTCHA, Google won't be able to index your content, and you won't have any visitors for scrapers to steal from you.
I suppose you could provide the content without a CAPTCHA if the user agent matches the crawlers of Google, Bing, etc. But it's still a bad idea because a lot (most?) of your users will bounce on the CAPTCHA, killing your ad revenue.
Personally, I wouldn't even bother with this. As long as other sites aren't outranking you with your own content then I don't see a problem. If they are outranking you with your own content, then you need to evaluate your SEO strategy.
So he will definitely outrank them if he owns the content.
They will comply with some removal requests, but sending a letter for each case of infringing content does not scale well.
It's a losing game, unless you don't mind making it hard for actual users to view your content.
The web, and computers in general, work by copying data. Trying to prevent that is like trying to "make water not wet" (Bruce Schneier).
> By limit I mean limiting each IP to viewing a maximum of 50 to 100 unique documents per day.
That won't do you any good, It's ridiculously simple to obtain unique IP addresses and proxies, not to mention that your database may blow up with that much data. :)
You probably can’t prevent this altogether, but you can probably do a lot to raise the cost of this type of crawling. The exception might be if there are people out to copy your content specifically and will actually tailor their crawlers to your countermeasures.
I know this won't prevent anyone else from being able to match your Google ranking on the free content, but it should mean that you can maintain your position as the "default place to go" for it, which should come with attached PageRank goodness. It also means you can institute per-account rate limits, rather than IP-based ones, which might help.
Check out bad-behavior: http://bad-behavior.ioerror.us/
Otherwise:
Use a honey-pot to catch browsers that don't obey robots.txt. Send yourself an email for every new IP address so you can catch any false positives.
Redirect requests with no user agent specified to your honey-pot URL.
Same for known bad/useless user agents: wget, curl, Bing, etc.
Validate supposed good crawler agents via reverse IP lookup - cache bad IP addresses - redirect to honey-pot URL
Filter remainder based on request rate over a given period (use a DB to cache requests). More than 1 request per second for 20 seconds = bot, more than 200 requests per day = bot : redirect to honey-pot URL
I've been doing this for a site with around 150K URLs for the past 4 years. Have about a 600 URLs blocked and around 35 user-agents.
One of my jobs is to scrape websites. The websites we scrape we have permission to scrape. Sadly many companys we work with don't have full time developers, or they have rules set up to stop other from scraping their site, that make it hard on us.
Other than Bad Behavior, I have circumvented all of the above suggestions. I don't know what Bad Behavior is and as far as I know I have not encountered it.
We falsify user agents to say they are browseres/google/whateversneeded. We script lynxs or write programs to type in login/pass, and change the page. We write programs to follow do_postback(with their var's) stuff that ASP.NET creates for multi page tables. We add in random time intervals to ease the load on some companies sites, and to circumvent blocks on others. We download and parse PDF, DOC, XLS, even some images. We have went as far as scraping Flash app's using Screen shots and OCR.
The list goes on. My point is that nothing is completely safe.