How to protect/monitor your site from crawling by malicious user

Posted by deathy on Stack Overflow See other posts from Stack Overflow or by deathy
Published on 2008-12-21T22:25:16Z Indexed on 2010/05/17 16:20 UTC
Read the original article Hit count: 374

Filed under:

website

|

crawling

|

screen-scraping

|

monitoring

|

protection

Situation:

Site with content protected by username/password (not all controlled since they can be trial/test users)
a normal search engine can't get at it because of username/password restrictions
a malicious user can still login and pass the session cookie to a "wget -r" or something else.

The question would be what is the best solution to monitor such activity and respond to it (considering the site policy is no-crawling/scraping allowed)

I can think of some options:

Set up some traffic monitoring solution to limit the number of requests for a given user/IP.
Related to the first point: Automatically block some user-agents
(Evil :)) Set up a hidden link that when accessed logs out the user and disables his account. (Presumably this would not be accessed by a normal user since he wouldn't see it to click it, but a bot will crawl all links.)

For point 1. do you know of a good already-implemented solution? Any experiences with it? One problem would be that some false positives might show up for very active but human users.

For point 3: do you think this is really evil? Or do you see any possible problems with it?

Also accepting other suggestions.

© Stack Overflow or respective owner

Related posts about website

Need help redirecting http://website.com/ to http://www.website.com/

as seen on Stack Overflow - Search for 'Stack Overflow'
What I'm trying to do is to redirect my website visitors who enter "website.com" to "www.website.com". I would do this with a standard redirect, but I don't know how to make a site specific to WWW or non-WWW addresses. I see that Firefox thinks my site is clearly different at the WWW version, because… >>> More
Official BETA release of Developer IT

as seen on Developer IT - Search for 'Developer IT'
We finally did it It’s been a week since our first online publish and our indexer robot is going as well as the website. We already have reach more than 20,000 articles and it’s only the begining. Stay tune on http://www.developerit.com/ >>> More
Get Visitors to Your Website Using Website Building Tips

as seen on Ezine Articles - Search for 'Ezine Articles'
Before building a website there are many things that you need to take in mind. For example, how are you going to design your website, what is it going to cost you, how long will it take you to build, etc. All of these things mentioned are important aspects to consider when designing a website, but… >>> More
Website Optimization - Requirement of Every Website

as seen on Ezine Articles - Search for 'Ezine Articles'
Website optimization is now days a must for each and every website to be on the top at search engines result pages. Also it has become a vital method to drive traffic to the website. >>> More
Website Basics - Planning Your Website

as seen on Ezine Articles - Search for 'Ezine Articles'
A website begins with an idea. You probably have an idea for a site and that is the reason that you are exploring your options more. Or you may be looking to getting into Internet Marketing and need to know what is involved in getting a site up and running. >>> More

Related posts about crawling

https & ajax crawling

as seen on Pro Webmasters - Search for 'Pro Webmasters'
We made on our webpage https://www.1point618.com a transition to ssl and now we using nearly entirely ajax to load the content. Therefore all urls of existing pages have changed. We used the 301 redirect as recommended, also we have implemented google's specification that the webpage is still crawl-able… >>> More
Understanding Ajax crawling of search site

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I have a couple of questions about Ajax crawling of site, which is kind of search engine itself. The base article explains the mechanism of making AJAX application crawlable. All this stuff with HTML-snapshots is clear and easy to implement, but I cant understand where will Google bot will get "the… >>> More
Ajax site not being crawled - have escaped fragment, what's wrong? [closed]

as seen on Pro Webmasters - Search for 'Pro Webmasters'
My site is anonkun.com. You can see that it's "ajax" and doesn't load much HTML. Here are some example pages: http://anonkun.com http://anonkun.com/?_escaped_fragment_= http://anonkun.com/stories/Dev-kun---FAQ/6ef881f8-cf48-4f87-a688-c585f23809c5 http://anonkun.com/stories/Dev-kun---FAQ/6ef881f8-cf48-4f87-a688-c585f23809c5… >>> More
Need to sanity-check my .htaccess, especially Limit GET POST line for Google repellent

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I need a sanity check on this .htaccess (from a WordPress site) I inherited from a 5 month+ old site. What's the symptom? Google + Bing crawl, but don't index any of the pages. Let me be clear: I'm not mad about "not ranking high." I think something is (accidentally) rejecting search engine indexing… >>> More
How to interpret number of URL errors in Google webmaster tools

as seen on Pro Webmasters - Search for 'Pro Webmasters'
Recently Google has made some changes to Webmaster tools which are explained below: http://googlewebmastercentral.blogspot.com/2012/03/crawl-errors-next-generation.html One thing I could not find out is how to interpret the number of errors over time. At the end of February we've recently migrated… >>> More