Mastodawn

Our apology to the humans who had to do an extra click: https://autocade.world/2025/12/our-apology-to-the-humans-who-had-to-do-an-extra-click/ #AI #theftbots

Our apology to the humans who had to do an extra click

We’re sorry we inconvenienced 42 people today—a record number—who had to complete a challenge on the main site. Please know that this is down to a record number of “AI” theftbots and cybercriminals trying to hack Autocade (as well as Lucire). As they up their ante, we’ve had to broaden the challenge

Autocade World

Jack Yan (甄爵恩)Dec 8

In my #blog
Block and challenge away—there are so few exceptions, it’s like winning the lottery

https://jackyan.com/blog/2025/12/block-and-challenge-away-there-are-so-few-exceptions-its-like-winning-the-lottery/ #theftbots #Cloudflare #BigTech

Block and challenge away—there are so few exceptions, it’s like winning the lottery

A few months ago, we began getting very vigilant about scrapers (or theftbots, as I call them) and other dodgy parties. The defaults in Cloudflare weren’t enough. It became a daily habit to check if there were any attacks and to block IP addresses if the default Cloudflare settings hadn’t done it. We also

Jack Yan: the Persuader Blog

Jack Yan (甄爵恩)Dec 7

Where are the Autocade scrapers coming from today? Of the latest, six are from #Tencent, and the other 19 are from #Google. Blimmin’ #theftbots.

Jack Yan (甄爵恩)Dec 3

More dodgy activities from crooked #Google customers … 800–900 hits aren’t much but coordinated with four or more other addresses from googleusercontent.com—you get the picture. These are probably scrapers running #theftbots on Google, or hackers probing for vulnerabilities.

Show thread

Jack Yan (甄爵恩)Nov 18

@sylvie Cloudflareʼs list of bots that users can apply is really small. I used it and it barely put a dent into the theftbot activity. Hardly any of the Chinese ones were there. Instead I had to add my own rules (checked daily) and only then did the traffic levels return to normal. I imagine they were never prepared for just how many #theftbots are out there.

Jack Yan (甄爵恩)Nov 18

RE: https://wandering.shop/@silverspookgames/115572330340124761

Considering #Google has been setting #theftbots on our sites, allowing its customers to set theftbots on our sites, literally financing disinformation created by “#AI”, and indexing bot-written crap highly to keep us searching, then I am quite happy to see them go. Whoever is left, those of us who didnʼt egg on this bubble, who tried to do right by the planet, might make a better internet than these greedy bastards. Bye, boys.

Jack Yan (甄爵恩)Oct 22

2010: Visitor stats are up on the websites! Great!

2025: Visitor stats are up on the websites! Letʼs check the security settings to make sure there arenʼt any new “#AI” #theftbots we failed to block!

Show thread

Jack Yan (甄爵恩)Oct 19

@djoerd They definitely do. We block one called Google-CloudVertexBot, and we also block anything coming from googleusercontent.com. You can see where we managed to deal with most of the #theftbots in the middle of the graph:

https://jackyan.com/blog/2025/10/the-trails-of-the-theftbots/

A lot were from Tencent and ByteDance. Tencent hits this site over 30,000 times a day (still does).

The trails of the theftbots

This was interesting: how the “AI” theftbots (yes, I’m coining that word) affected Autocade’s traffic. We had blocked a bunch of them already—notably the western ones and ByteDance—but there were many others that still got through. This is from Cloudflare, but even their default settings miss a bunch, especially Chinese ones, and they don’t

Jack Yan: the Persuader Blog

Show thread

Autocade Oct 18

And that was actually down to #theftbots, which we now have under control. Astonishing how much traffic they wasted.

Autocade Oct 9

Ten thousand page views over the last 24 hours, which means we are keeping not only the known “#AI” #theftbots at bay, but the private ones as well.