2 comments

[ 3.6 ms ] story [ 18.9 ms ] thread
That seems like a misguided cat and mouse game. Unless the thing you're monetizing is actually human eyeballs (and arguably ads would be better with a pull model rather than push anyway, but I digress), would it not be better to identify the negative externalities bots are causing for you and just block those?

If they're generating low quality content then block that shit. If they're brute-forcing logins then add mandatory delays. If they're straining server resources then add rate limiting. If they're bypassing that with multiple IPs and preventing paying customers from accessing resources then bucket your resources according to "paid" and "everyone else."

You're going to track the metrics you care about anyway and start twiddling parameters to temporarily prevent the dumbest bots from causing harm. Instead of figuring out how the current batch of crawlers behaves and trying to engineer human-friendly countermeasures that'll work for a few months for some of your "attackers," is it really that much harder to just engineer your system to throw away garbage it doesn't want regardless of whether the originator is human?