Maybe design kind of a captcha task for them?
Comment on I wonder if it would be possible to force the AI crawlers to mine crypto
NaibofTabr@infosec.pub 3 weeks ago
Hmm, how would you convince the crawler to run your code on its home system, rather than just scraping data?
gigachad@piefed.social 3 weeks ago
Little8Lost@lemmy.world 3 weeks ago
NaibofTabr@infosec.pub 3 weeks ago
If you install a captcha as part of your web server, that code is running on your server.
The crawler interacting with the captcha on your server will not result in cryptominer code running on its server.
gigachad@piefed.social 3 weeks ago
True, but it’s more about solving the captcha as in finding its solution. However, there is no solution, but only a never ending task of calculation (the mining). Of course this is highly hypothetical as I do not know anything about cryptomining (and I also don’t want to know more about it).
NaibofTabr@infosec.pub 3 weeks ago
Without getting into the technical details, the main cost offset of running a cryptominer is the electricity used. If the crawler performs cryptominer calculations on your server it will be of no benefit to you, because you will still have to pay the electricity bill, and really it’s not the crawler doing the calculations, it’s your own server hardware.
Flax_vert@feddit.uk 3 weeks ago
Isn’t that what Anubis was doing? Making it run code so it wasn’t worthwhile, but people adjusted AI crawlers to run code?
plz1@lemmy.world 3 weeks ago
“Proof of work”. The AI crawlers don’t run Javascript (yet, I don’t think), so it’s basically a firewall to them.
Aatube@kbin.melroy.org 3 weeks ago
I'm fairly sure Anubis was made because some crawlers did run JavaScript
Little8Lost@lemmy.world 3 weeks ago
Some can from what i understood
And not only JS but other code too like SQL
I remember the somewhat recent case where someone vibecoded something and the AI viped the database
Aatube@kbin.melroy.org 3 weeks ago
That's a local AI agent not an online crawler
NaibofTabr@infosec.pub 3 weeks ago
There’s a functional difference between forcing a crawler to interact with code on your server that wastes its time, and getting it to download your code and run it on its own server - the issue being where the actual CPU/GPU/APU cycles happen. If they happen on your server then it’s not benefiting you at all, it’s costing you the same amount as just running the cryptominer directly would.
Any halfway intelligent administrator would never allow an automated routine to download and run arbitrary code on their own system, it would be a massive security risk.
lagoon8622@sh.itjust.works 3 weeks ago
That’s not how Anubis works. You’re likely thinking of Nepenthes
fruitycoder@sh.itjust.works 3 weeks ago
“would never allow an automated routine to download arbitraru code” javascript and wasm being the leading tech to do exactly this. Make those essential for loading content and bypassing it would have to be bespoke solutions depending on the framework and implementations.