Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Blocking crawlers is dead simple:

Find a way to build an API for your data that allows you both to make money.

Any effort besides that is wasted.

Honey pots links? Great my crawler only clicks things that are visible. See capybara.

IP thresholds? Great I have burner IPs that hit a good page of yours until I’m blocked (am I time banned, captchad or perma) and then I back that number out across my network of residential IPs (bought through squid, hello or anyone else) and a mix of tor nodes ( I sample your site with that too) to make sure I never approach that number. But then I also geolocate the IP so it’s only crawling during sensible browsing hours for that location.

Keystrokes detection? yeah I slow down keystrokes so it looks like Grandma is browsing

Mouse detection? looks like Michael j Fox is on your site (that’s an old Dell or Gateway Commercial reference don’t be mad)

Poison the well? I get a page from multiple IPs and headless browser combinations on different screen orientations and if I detect odd changes in data I flag that URL for a turk to provide insight/tune the crawler.

I keep the screenshot and full payload (css,js,html) that I use over time to do more devious shit like render old versions of your page behind a private nginx server so I can re-extract pieces of data I may have missed.

Stop trying to stop the crawling and figure out how to create a revenue stream.



Caveat to my wasted effort comment:

Your'e an e-commerce site that has a problem with people buying goods (especially virtual goods, ebooks, gift cards, etc)[1] with stolen credit cards. You need a solution.

The hardest thing I've ever had to crawl (as I mention in another comment in this thread) has been linkedin and Facebook. Why? Because I have to be logged in to get the data I want.

If you want to stop crawlers you can also put the good stuff behind auth, but you need a solid auth mechanism. You can't just do email verification because I'll use shit like https://www.mailinator.com to generate a ton of fake emails to sign up for your site.

[1] Why virtual goods? You can't stop shipping or track down the person once the card is reported stolen.


> [1] Why virtual goods? You can't stop shipping or track down the person once the card is reported stolen.

In the meantime, virtual good are also zero-cost : when you sell a ebook and the transaction is cancelled by the bank, you didn't lose anything, it's not like the buyer was willing to pay anyway.


Until you see someone do it with buying gift cards. Those people are bastards. In that case using a service that helps detect fraudulent card usage is bueno.


I dont stop crawlers, I only randomly feed damaged/wrong data to crawlers.

I especially loving doing this for e-commerce sites. Now the table has turned. Try guess which fraction of your scrapped data were wrong.


My point is you’re not detecting the ones that you should be the most concerned with.


Problem is as developers, sometimes we only have hammers for these screws.


How would this stop crawling by users who cannot afford the API subscription or don't want to pay for it?

I think your suggestion would reduce crawling, but not prevent or block it.


Build a revshare API.

I assume the people that can't afford it are using it for non-revenue generating purposes. I don't know that I'd care about those people if they aren't taking away from my bottom line.


Because you'd presumably need to authenticate (and have a paid account) to access the data.


I think they meant, since they can't afford the API, they'd just keep crawling your HTML. Combo move the API and putting your stuff behind auth and you solve a lot of the problem.

You've gotta get that good yummy content publicly accessible for google though, so you'll rank. So, that's a balancing act.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: