Hacker News
by tothrowaway 1344 days ago
Most bots don't bother setting cookies, or downloading CSS. Exploit this by including a dummy CSS file on your site that, on the backend, stores the visitor's IP in some kind of database, or sets a cookie. If you get multiple visits from an IP that never hit the CSS file, you can be reasonably confident the user is not legit. You need to be careful about not blocking good bots though. Do a reverse DNS lookup before actually blocking an IP to make sure it's not Googlebot, yandexbot, bingbot, slurp, etc. OpenResty is great for implementing this.

It has the nice side effect of protecting you from run-of-the-mill DDoS attacks too.

(I realize half my comments here are about OpenResty, but I have no affiliation with them. I'm just a happy user.)
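The check described in the comment above, as an added Python example (not the commenter's code and not an OpenResty configuration). The canary path, threshold, window and crawler hostname suffixes are assumptions, and the forward-confirmation step after the reverse lookup goes beyond what the comment states, so that a spoofed PTR record alone does not pass as a good bot.

```python
import socket
import time

CANARY_PATH = "/static/site-base.css"  # hypothetical dummy stylesheet URL
# Assumed crawler PTR suffixes; confirm against each operator's documentation.
GOOD_BOT_SUFFIXES = (".googlebot.com", ".google.com", ".search.msn.com",
                     ".yandex.ru", ".yandex.net", ".yandex.com", ".crawl.yahoo.net")


def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]


def system_forward(host):
    return socket.gethostbyname_ex(host)[2]  # IPv4 addresses only


class CssCanary:
    def __init__(self, reverse=system_reverse, forward=system_forward,
                 threshold=5, window=600):
        self.reverse, self.forward = reverse, forward
        self.threshold, self.window = threshold, window
        self.css_seen = {}     # ip -> time of last canary fetch
        self.page_hits = {}    # ip -> timestamps of pages served without a canary fetch
        self.bot_verdict = {}  # ip -> cached result of the DNS verification

    def is_good_bot(self, ip):
        """Reverse lookup must match a known crawler and resolve back to the same IP."""
        try:
            host = self.reverse(ip).rstrip(".").lower()
            return host.endswith(GOOD_BOT_SUFFIXES) and ip in self.forward(host)
        except OSError:  # covers socket.herror / socket.gaierror
            return False

    def observe(self, ip, path, now=None):
        """Record one request and return 'allow' or 'block'."""
        now = time.time() if now is None else now
        if path == CANARY_PATH:
            self.css_seen[ip] = now
            self.page_hits.pop(ip, None)
            return "allow"
        if now - self.css_seen.get(ip, float("-inf")) <= self.window:
            return "allow"  # this client fetched the stylesheet recently
        hits = [t for t in self.page_hits.get(ip, []) if now - t <= self.window]
        hits.append(now)
        self.page_hits[ip] = hits
        if len(hits) < self.threshold:
            return "allow"  # an occasional one-off request stays under the threshold
        if ip not in self.bot_verdict:  # DNS is consulted only when about to block
            self.bot_verdict[ip] = self.is_good_bot(ip)
        return "allow" if self.bot_verdict[ip] else "block"
```
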

2 comments

Sounds like a great way for folks that utilize a simple curl of your site to see if things are working right to get on the block list lol
Excellent idea!