OpenStreetMap Ops Teamhttps://OpenStreetMap.org has been disrupted today. We're working to keep the site online while facing extreme load from anonymous scrapers spread across 100,000+ IP addresses. Please be patient while we mitigate and protect the service. #OpenStreetMap #DDoS #Scrapers #AI
nag4wika
geotux
ISibboI@osm_tech the scrapers don't know that you can torrent the whole OSM for free, without ddosing the webservice
@ISibboI Correct. Not an ounce of brain. It has been going on for months, but it is just getting worse. Waste of their resources/time and ours.
Petri Salmela
Gerard
Jonas 
Not me
Barry Rowlingson@geospacedman @ISibboI They are scraping the website pages: /ways/, /nodes/ and /relations/. All this data is published on planet.osm.org already.
ideogram
RudiRastlos@osm_tech 🫣 thank you for your work!
Justin
Maya LandsmanOof, sorry you are dealing with that load. Beyond blocklists, caching tiles plus aggressive rate limits per ASN, and serving 429s with Retry-After can help. For bulk use, requiring API keys for heavy endpoints can also cut abuse. Thanks for keeping OSM running.
Joan of Contention 😷@osm_tech Ugh, I am so sorry to hear this, and thank you to everyone working on this project.
Such a nightmare, and so completely pointless. 🤬
Tom Chadwin@osm_tech Good luck, and thank you as always.
Don Clemente 🔜39C3 ☎️2470@osm_tech wonder if it is collateral damage or intended, to get rid of alternative sources of information?
Anyway, zip-bomb the hell out of them.
Anyway, zip-bomb the hell out of them.
@Don_Clemente Just dumb scrapers. They want our data, so maybe we /should/ redirect them to the latest full history planet file, it is only 245GB ;-)
@osm_tech yes, but that's heavy on your resources and bandwidth. A zip file of 10GB Zeros is much more resource-efficient on your side ;-)
Iván Sánchez Ortega@osm_tech @Don_Clemente Replacing the actual data with Null Island data that points to planet.osm.org is not a dumb idea IMHO
WTL@osm_tech @lehtimaeki I wonder if anyone has looked at the various AI browsers out there to see if they're used for active scraping.
Martin Rust@osm_tech Block all read access except from registered users? And be restrictive on whom to grant an account (captcha, verified email address)?
Open Riskhad a similar issue with a much, much smaller wiki server (😅 ) but facing the same anonymous scrapers coming from thousands of random IP's.
Couldn't find a way to keep them from crashing the server, so now access is by registration only.
Very disruptive, this "AI" race to the bottom destroyed the open internet 😟
Bill Woodcock
Air Quotes Comedian@osm_tech I went to use OpenStreetMap today to get directions but it asked me to sign up/ log in, so I used Mapquest instead which doesn't.
@osm_tech Hmmm.
Perhaps I'm the only one who is required to log in for directions.
MapAm💜reThat looks unusual. How about sharing the original OSM URL where you requested for directions?
The only time the site will ask you to login is when you're trying to edit the map, all other operations can be used without an OSM account.
@MapAmore Initial URL:
https://www.openstreetmap.org/#map=12/37.8149/-88.5361
Second URL: https://www.openstreetmap.org/directions#map=12/37.8149/-88.5361
Tried something different this time and didn't click on the START MAPPING button (seemingly the obvious one to press).
It worked and I didn't have to offer up a buccal swab trapped between two microscope slides.
Thanks for that. 🙂
Now I never have to use crappy old Mapquest again. It might not need a sign-in but it's awful.
@Air_Quotes_Comedian
That explains why it's asking you to login (or sign-up for an account).
"Start Mapping" is the button for editing the map.
I hope you enjoyed the routing service based on OSM, and that one of these days, you'll be tempted to *start mapping.* 😁
Assimilateborg@osm_tech I blocked user agents matching "Chrome.139.0.0.0 Safari.537.36" as this combination seems to not exist, except for millions of requests out of china.
Michal MigurskiThank you for your service
@osm_tech you should poison their data in some way
cpresser@osm_tech have you considered getting law enforcement involved? At least in Germany running a DDOS is most likely illegal. I would really like to know what the police and prosecution will do in this case.
Buntbart