goodthink | 4 months ago

I have yet to see any bots figure out how to get past the Basic Auth protecting all links on my (zero traffic) website. Of course, any user following a link will be stopped by the same login dialog (I display the credentials on the home page).

The solution is to make the secrets public. ALL websites could implement the same User/Pass credentials:

User: nobots
Pass: nobots

Can bot writers overcome this if they know the credentials?

CaptainOfCoit|4 months ago

> Can bot writers overcome this if they know the credentials?

Yes, instead of doing just an HTTP request, do an HTTP request with authentication, trivial really. Probably the reason they "can't" do that now is because they haven't come across "public content behind Basic Auth with known correct credentials", so the behavior hasn't been added. But it's literally loading http://username:password@example.com instead of http://example.com to use Basic Auth, couldn't be simpler :)

8organicbits|4 months ago

The technical side is straightforward but the legal implications of trying passwords to try to scrape content behind authentication could pose a barrier. Using credentials that aren't yours, even if they are publicly known, is (in many jurisdictions) a crime. Doing it at scale as part of a company would be quite risky.

morkalork|4 months ago

The bot protection on low traffic sites can be hilarious in how simple and effective it can be. Just click this checkbox. That's it. But it's not a checkbox matching a specific pattern provided by a well-known service, so until the bot writer inspects the site and adds the case it'll work. A browser running openai operator or whatever it's called would immediately figure it out though.

lfkdev|4 months ago

Not sure if I can follow you, why would credentials known by anyone stop bots?

thrance|4 months ago

Clever solution, but it will only work as long as it doesn't become mainstream, or even a tiny bit more popular.

iberator|4 months ago

[deleted]