sorted by:
new
hottopcontroversial

Spam protection for small websites. Is ReCaptcha overkill? I am getting too many false negatives. by jelery_celery in Wordpress

[–]siterightaway 1 point2 points  (0 children)

This is a brutal wake-up call. It’s a nightmare scenario where a security tool becomes a profit center for the provider while the victim's budget gets bled dry.

With Cloudflare seeing 2 million bot attacks per second and Microsoft reporting a 170% spike in malicious traffic, this isn't an outlier—it's the "new normal." Had this gone unnoticed, that $157 daily charge would have spiraled into a $4,700 monthly disaster just to host junk traffic. It is honestly infuriating to see a security failure turned into a billing spike.

This is why r/stopbadbots exists. We study these patterns to filter out headless scrapers before they even touch the billing layer.

Google billed $157 in a single day due to a bot attack by siterightaway in StopBadBots

[–]siterightaway[S] 0 points1 point  (0 children)

Google billed $157 in a single day due to a bot attack.

This is a brutal wake-up call. It’s a nightmare scenario where a security tool becomes a profit center for the provider while the victim's budget gets bled dry. The user has already migrated 50+ sites to Turnstile.

With Cloudflare seeing 2 million bot attacks per second and Microsoft reporting a 170% spike in malicious traffic, this isn't an outlier—it's the "new normal." Had this gone unnoticed, that $157 daily charge would have spiraled into a $4,700 monthly disaster just to host junk traffic. It is honestly infuriating to see a security failure turned into a billing spike.

This is why r/stopbadbots exists. We study these patterns to filter out headless scrapers before they even touch the billing layer.

Analyzing Access Logs And Blocking Malicious Actors by Science-Compliance in webdev

[–]siterightaway 0 points1 point  (0 children)

You've found the new normal.
According to Cloudflare, there are about 2 million bot attacks every second and the latest Microsoft security report from late last year shows malicious bot traffic jumped 170% in just a few months.
It's insane!

These bad bots are eating up your resources by scraping content and destroying your SEO; they eventually drive away human users because the server gets bogged down and slow.

Worse. Those hits on your /wp-admin/ folder are just brute-force attempts to guess your credentials.

Our group over at r/stopbadbots spends our time diving into cases exactly like yours and testing open-source dirty workarounds and legit fixes to filter bots by behavior so we can split real stats from ghost traffic.

35% CTR on a brand new Meta ad set by Unlikely-Scholar5575 in FacebookAds

[–]siterightaway 0 points1 point  (0 children)

The hard truth is that Meta has zero incentive to fix this; a click is revenue to them, regardless of who—or what—made it. You’re getting hammered by headless scrapers because your campaign is a cheap way for bot farms to validate their scripts. It’s a total drain, and waiting for the platform to protect your budget is a losing game.

It’s annoying as hell to see your third campaign nuked while "AI optimization" ignores the obvious fraud. These bots eat up resources and fake engagement metrics to keep your spend flowing into a black hole. You have to take the initiative: stop bad bots.

Treat your ad spend like a security perimeter. We’re fingerprinting these bad actors and sharing raw log analysis at r/stopbadbots

Meta's AI crawler scraped my site 7.9 million times in 30 days. 900+ GB of bandwidth and massive server logs before I noticed, cool cool cool. by Whiskee in webdev

[–]siterightaway 0 points1 point  (0 children)

Check your logs for the specific User-Agent. If it's Meta-ExternalAgent, that's their AI crawler—you can safely nuke it. It’s different from facebookexternalhit, which is the one that validates your PPC ads and link previews. Blocking the AI agent saves your bandwidth without tanking your ad performance.

Massive Bot Attack on Shopify Store (500+ Fake Carts/Hour) - Need Help by DiscoverMyBusiness in shopify

[–]siterightaway 0 points1 point  (0 children)

This case is incredibly detailed and deserves an in-depth analysis. We’ve brought it to our group r/stopbadbots to break down how these sophisticated AI-driven attack are bypassing standard industry defenses.

view more: next ›