Forum sloooow again...

[Marc]

This website is running Apache 2.4.41 (w3techs.org), which was released 2019-08-14. The latest available is 2.4.63.

Err... wrong assumption

[TRon]

I know it was said no cloudflare but fwiw in related news this week "Trapping misbehaving bots in an AI Labyrinth"

[440bx]

I know it was said no cloudflare but fwiw in related news this week "Trapping misbehaving bots in an AI Labyrinth"

From the above link:

Today, we’re excited to announce AI Labyrinth, a new mitigation approach that uses AI-generated content to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives.

The new rat in a maze... where's the cheese ? 

[korba812]

I am not surprised by such initiatives since this is becoming a common problem:
https://thelibre.news/foss-infrastructure-is-under-attack-by-ai-companies/

[440bx]

The article that @korba12 linked to clearly shows that some companies are motivated by malice and not simply incompetence.

I was reading that and one thought crossed my mind to get rid of the problem which is: for a human it is difficult to visit more than 3 pages per second (implies good response time and someone who reads reasonably fast.) 

Presuming there are 500 real humans reading the forum and they are all "speed-pagers" (new term, I'm going to patent it ), that means the server would experience a maximum of 1500 requests per second.  That's still a fair amount  but, once the server sees that load then it could _require_ the user to be _logged in_ to honor the request.  No log in = request ignored.

This would cause the number of requests to drop rapidly and, the rule could be implemented for a lower number of requests per second, e.g, 500 to keep response time reasonably speedy at all times.

Since bots rarely log in, that could be a first line of defense.  Known bots that behave as they should could be issued a user and password by the administrator..

Just thinking out loud but, there has to be a way to insert long delays on non-human activity.

[Fred vS]

Could someone explain to me what the goal of these spammers is?

For example, on the uos forum (http://uos-forum.108.s1.nabble.com/), I have to delete new users and new spam threads every day.
What's the point of these spammers doing this? The same goes for the Lazarus forum. I'd really like to understand why they do this.

[Martin_fr]

Spammers differ from AI bots.

Spammers just want to place either
- some add to be read by humans
- more likely to be seen by search engines.

The spam does not have to be present for long. I don't know if they can predict when search engines will index, but if they can have the spam up while that happens, that is all that is needed.

Also they don't care, if 99% of there spam gets deleted. With modern tools they can often create the user fully automatically. That is, like with email, they can post a many million targets with their spam at no cost. If 0.1% remains online for some time, that is still many 10000s spam posts that will be read by people who could fall for it.

---
AI bots want to train some AI LLM model. Likely that is done repeatedly while it gets developed.  Using the live online source seems simple to be the cheapest options. Always the most actual data, no caching and no need to determine what needs update in the cache.

They are simply ignorant to the issues they cause, as long as they can speed up their development and keep it cheap to them.

[Fred vS]

Thanks Martin for this light.

But I still dont understand the goal behind this.

The messages they send seem random; they're not even commercial advertisements, just meaningless text. What's in it for them? How can they make money from it? It requires programming these bots, it requires them to use their bandwidth, so what's the point?

[Thaddy]

Meaningless text can also be a very old form of encryption, like book ciphers.
You can not dismiss this beforehand, however unlikely this seems.