Sunday, May 07, 2006

DDoS against rogue bots and scrapers!

Don't know if anyone has been following the trials and tribulations of Blue Security and their anti-spam tool the Blue Frog with over 400K members, but their technique could be useful against scrapers. Basically what Blue Frog does is automatically send opt-out requests to spammers from every member in their network which overloads the spammers servers and sends them crashing or maybe even blocks their ability to spam while the pipeline is choked with inbound requests.

So this concept stewed in my brain for a couple of days and suddenly it occurs to me that bots could be stopped the same way with a large enough network of anti-bot members. The concept is simple in that any active crawlers caught in the act could simply be pinged to death for a brief period to stop them with brute force. That's right, we could aim thousands of servers at unwanted active crawlers and literally DDoS them into leaving us alone.

Worse case, they aren't crawling when their pipeline is choked.

Best case, they take a hint and stop hitting member sites.

That method in itself COULD make an entire community of networked webmasters deal death blows to scrapers, blog spammers, and all sorts of nasty vermin.

Hell, why not fight fire with fire and use the tools of the underground against them?

If you can locate a scraper's site we could also just deploy spiders to simply crawl them offline. That's right, do the same thing they do and crawl them so hard and fast the damn server can't even respond to requests. Hit them with so many different servers at the same time they can't even identify who's doing it in time to stop it.

Remember, if visitors can't get to your web site then the purpose of scraping to build the website becomes meaningless.

Here's where I think this strategy might pay off as scrapers on shared servers just might get the boot when the host figures out that they're the reason for the attacks. Likewise, colo facilities might even boot dedicated servers when a network of unhappy webmasters retaliate and choke a major hosts data pipe repeatedly.

Does is sound like vigilanteism?


Why shouldn't we do it?

Nobody else is helping us as neither their web hosts, the copyright laws, Google AdSense nor Yahoo Publisher Network seem to be interested in helping us stop this plague so maybe it's time to deploy full blown internet warfare tactics like Blue Security in order to stop the madness!

In the immortal words of Mel the cook on Alice:
"The best DEFENSE is a good OFFENSE!"

No comments: