Attackers explain how an anti-spam defense became an AI weapon.

Building on an anti-spam cybersecurity tactic known as tarpitting, he created Nepenthes, malicious software named after a carnivorous plant that will “eat just about anything that finds its way inside.”

Aaron clearly warns users that Nepenthes is aggressive malware. It’s not to be deployed by site owners uncomfortable with trapping AI crawlers and sending them down an “infinite maze” of static files with no exit links, where they “get stuck” and “thrash around” for months, he tells users. Once trapped, the crawlers can be fed gibberish data, aka Markov babble, which is designed to poison AI models. That’s likely an appealing bonus feature for any site owners who, like Aaron, are fed up with paying for AI scraping and just want to watch AI burn.

  • micka190@lemmy.worldEnglish
    4·
    7 hours ago

    Any good web crawler has limits.

    Yeah. Like, literally just:

    • Keep track of which URLs you’ve been to
    • Avoid going back to the same URL
    • Set a soft limit, once you’ve hit it, start comparing the contents of the page with the previous one (to avoid things like dynamic URLs taking you to the same content)
    • Set a hard limit, once you hit it, leave the domain altogether

    What kind of lazy-ass crawler doesn’t even do that?

    • skulblaka@sh.itjust.worksEnglish
      2·
      6 hours ago

      The way I understand it, the hard limit to leave the domain is actually the only one of these rules that would trigger on Nepenthes. The tar pit keeps generating new linked pages full of trash.