Cloudflare is ratcheting up its fight against bots with a new “fight mode,” which it says will frustrate and disincentivize bot operators from their malicious activity.
Bots are notorious for scraping websites and abusing developer access to download gobs of user data. All too often bots try to game the system by scraping concert or airline ticket prices to buy in bulk at their lowest price and sell them off for higher. Worse, some imitate real users and brute-force their way into websites with lists of stolen passwords.
Cloudflare gets three billion bot requests each day. Now the company said it has “decided to fight back.”
Its new “bot fight mode,” which Cloudflare today enabled as a free opt-in feature for all accounts, will detect and serve bots with deliberately computationally intensive challenges. As the bot tries to crunch the impossible puzzle — effectively a small bit of code only visible to the bot — the bot’s server will max out its processing power, churning up cloud resources and driving up costs for the bot operator.
While the company says its efforts will dissuade bot activities in the long run, it recognizes its efforts in the short term will result in cloud servers working overtime, thus consuming more electricity and requiring more cooling — all of which contribute to greater energy consumption.
“We loved the idea of frustrating bots,” John Graham-Cumming, Cloudflare’s chief technology officer, told TechCrunch. But he said the company was “mindful” of how the spike in bot resources — like electricity and cooling — are directly linked to carbon emissions. Some internally had initially objected to the plan if it would result in contributing to the use of natural resources, he said.
The company found a simple solution: to plant trees to offset the carbon emissions from the bot’s activity but also their takedown.
“By making bots do extra work we may be increasing carbon emissions from the [processor] usage and decided to offset through tree planting which will have a long-term effect,” said Graham-Cumming. “In the long term our goal is simple: ending malicious bots as a viable practice.”
Each tree planted can absorb about a year’s worth of dual-core computing power. But given trees need time to grow, Cloudflare said its donations will result in the planting of 25 trees for each frustrated bot the company encounters and shuts down.
Planting trees will offset the carbon, Graham-Cumming said, but reducing the number of bad bots on the internet will have the greatest net benefit.
“If we’re successful in doing that, the environmental impact will be substantial and positive given how many internet resources are wasted by malicious bots today,” he said.
Frustrating bots isn’t Cloudflare’s only weapon. When it can, it will ask one of its industry partners to pull the bot offline. If the bot is hosted by a company that serves as a member of the Bandwidth Alliance, a group of some of the largest cloud and web hosts, Cloudflare will hand over the internet address in order to shut down the bot.
Cloudflare isn’t the only player in the anti-bot space. Earlier this year we profiled Kasada, a startup aimed at trolling bots in an effort to deter and disincentivize bot operators from targeting its customers’ websites. Cloudflare said its scale and reach — with coverage of more than 20 million internet properties — will help contribute to the faster demise of the so-called bot economy.
Graham-Cumming said although the feature is opt-in for now, the company is planning to push the feature out by default to its users before the end of the year.
read more at https://techcrunch.com by Zack Whittaker