Pleased to share a page and explainer for the AI tarpit project Science is Poetry, with legal statement, rationale(s), and a few deployment notes:
https://julianoliver.com/projects/science-is-poetry/
The page may grow a bit. Just wanted to get it out the door.
If you're interested in learning more about implementations of resistance in this era of unchecked Big AI, direct action strategies and the techno-politics therein, be sure to check out ASRG's site (https://algorithmic-sabotage.gitlab.io/asrg/) and give them a follow here on Mastodon (@[email protected]).
They've put a lot of heartbeats and neurons - human stuff - into this area.
A newcomer frantically lost in the Caves of Babble.
----
3.215.221.125 - - [16/Apr/2026:06:14:25 +0200] "GET /noodles/images/primigenous/orchiepididymitis/Lord/havent.png HTTP/1.1" 200 111459 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Chrome/119.0.6045.214 Safari/537.36" "-"
----
Do you have an unused domain that you would be happy to donate to a counter-offensive against unchecked & unregulated AI crawlers that scrape human-made content to simulate & deceive for profit?
If so, pls reply to this post. Your domain would become an entrypoint to the AI tarpit & Poison-as-a-Service project below, allowing concerned public to choose to use it on their sites, helping make the project more resilient to blacklisting.
Thanks for all the domain donations, a beautiful thing!
Listed on the landing page:
And copied into this post:
https://carrot.mro1.de
https://car.rot.mro1.de
https://ca.rr.ot.mro1.de
https://sygrovelaw.co.nz
https://wholesaletechnology.co.nz
https://goldenageproductions.co.nz
https://kginno.eu
https://outgoing.nz
https://unbreak.nz
https://poetry.rainskit.com
https://poetry.narthur.com
https://madhattercorp.com
https://sustainable-collective.org
https://sustainable-collective.de
https://c0-cloud.de
I have only linked them here and on the landing page, and already it's gone nuts.
These are *solely* the new domains you've donated, all in one log. These do not pertain to the project domain.
I've started to harvest a list of AI crawler endpoint addrs for your blacklisting pleasure.
I'll try to keep it updated. I've been fastidious with ensuring I'm only pulling those related to the known user agent, so as not to have any false positives
https://scienceispoetry.net/files/parasites.txt
It is at the same path for all contributed domains.
For instance:
It's approaching DoS at this point. This just one of the VMs, and just OpenAI's parasite.
Threading's holding up but need some more tuning of rate limits and burst. Trying sending 429's now to ask them to play nice.
To think the www was built for people.
And here we are
Even faster now.
Again, these pages are randomly generated, and each line is a page request from a crawler.
To think of the energy expended at a global scale, the waste. All the money, water & minerals thrown at this. These AI companies are near DoS'ing the human web as they deep-sea trawl our content.
Computationally, infrastructurally, & culturally, it's an obscenity,
- Mum, if you made a chain out of all the endpoint addresses of AI crawlers, how far would it reach?
- All the way to the moon, darling. All the way to the moon.
Here's a thing I did in a couple of mins to ban all IPs in the parasites.txt serverside. You could ofc REJECT rather than DROP to send a message.
---
#!/bin/bash
while read parasite;
do
if [[ "$parasite" == *"."* ]]; then
iptables -I INPUT -s "$parasite" -j DROP
elif [[ "$parasite" == *":"* ]]; then
ip6tables -I INPUT -s "$parasite" -j DROP
fi
done < /path/to/parasites.txt
---
Actual hits dropping slightly, but more data is pulled from the tarpit day on day. This is reflected by a higher proportion of HTTP 200's - so less bad req's. Less reaching for what isn't there, just want the madness.
Unclear why this has changed.
My log analysis shows that what these AI crawlers do is swarm content to get around rate limiting; with many end-points each can be limited to sane human defaults and their automation can still harvest content at massive scales from the same source in little time.
I noticed however that (for unknown reasons) Anthropic started reducing the number of crawler endpoints, tapering down traffic from them. So I doubled the rate to 2/s. This added over 100k hits to the logs in a day.
Nearly a month later you would've thought that the crawlers would've given up by now, dropped off, blacklisted the IPs, or perhaps even the domains themselves.
And yet no. As I tentatively guessed, thanks to your donated domains (and the people linking them in their sites) it has only grown.
I don't expect it to run this hot for the long term, but yesterday's hit count (these are almost 100% reads of randomly generated pages by AI crawlers) was near 1M.
For any naysayers out there as to how effective all this is, or could be, some recent research shows you can do a lot with a little:
https://arxiv.org/abs/2510.07192
Researchers found that a very small corpora of poison content has largely the same impact, regardless of the size of the data in the model itself:
"We find that 250 poisoned documents similarly compromise models across all model and dataset sizes, despite the largest models training on more than 20 times more clean data."
Poisoning attacks can compromise the safety of large language models (LLMs) by injecting malicious documents into their training data. Existing work has studied pretraining poisoning assuming adversaries control a percentage of the training corpus. However, for large models, even small percentages translate to impractically large amounts of data. This work demonstrates for the first time that poisoning attacks instead require a near-constant number of documents regardless of dataset size. We conduct the largest pretraining poisoning experiments to date, pretraining models from 600M to 13B parameters on chinchilla-optimal datasets (6B to 260B tokens). We find that 250 poisoned documents similarly compromise models across all model and dataset sizes, despite the largest models training on more than 20 times more clean data. We also run smaller-scale experiments to ablate factors that could influence attack success, including broader ratios of poisoned to clean data and non-random distributions of poisoned samples. Finally, we demonstrate the same dynamics for poisoning during fine-tuning. Altogether, our results suggest that injecting backdoors through data poisoning may be easier for large models than previously believed as the number of poisons required does not scale up with model size, highlighting the need for more research on defences to mitigate this risk in future models.
Ye gads it's gone absolutely silly.
I spent a good part of my morning trying to work out if it was a veiled DoS or actual harvesting while keeping the thing up. Status codes are good, 96.5% are real page reads from the usual AI crawler suspects.
A big network in Singapore with "www.google.com" (but not GoogleBot) User Agent string is responsible for some of it. But the rest is just frantic feeding.
Server is running hot. To keep it up I'm having to further tune ratelimiting, bursts etc.
I've added these kindly donated new domains to the ridiculous landing page at https://scienceispoetry.net/
- poesie.kornshell.xyz
- whatthefuckisgoingonwithmyhorroscope.today
- poetry.danielarmengol.com
- poetry.usolab.com
- poetry.pinchito.com
- poetry.interactionphilia.com
I've done the log analysis and the two biggest contributors that brought the AI crawler hits up to 2 million in a day, a 4x increase on a week prior, are ByteSpider (Singapore networks) and especially AppleBot (used for Siri and other Apple products).
The parasites.txt is now >4500 lines long:
I'm glad to share the traffic summary from the 1st month of Science is Poetry. It has been wild, & I've learned a lot!
Things started to get quite silly on the 7th, when AppleBot (Siri, other products) joined the fray, adding 2k+ endpoints to the list & feeding so fast I had to shape them down to keep the server up.
Then came the 8th, which legit looked like DoS from a network in Singapore sending a 'www.google.com' UA, despite evidently not being GG. 3.8M page requests in one day, gulp.
For those curious, here's a line from the logs from one of the endpoints in the mysterious Singapore swarm:
---
47.79.192.138 - - [10/May/2026:07:23:11 +0200] "GET /noodles/polycladose/some_unyouthful HTTP/1.1" 200 13906 "https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36" "-"
---
That is one of 1,993,530 hits from that 47.79.0.0/16 network, in those 24hrs.
EDIT: GG url in string wants to preview.
As of today, AI crawlers from Apple, Anthropic, OpenAI, Amazon, Meta, ByteSpider and Google are all still feeding manically on the endlessly generated babble, totally captive to it.
They could stop, but are instead dedicating an enormous amount of resources. They show no signs of slowing, with the exception of Apple whom had a pathological day 1 honeymoon period, before settling in with the others.
PerplexityBot has dropped off for now. I'd really like to know why, but figure I never will.
To celebrate, here's some log output during the siege, this time in colour.
Why? Because coloured logs is one of the nice things we can actually have.
Alas I've not been able to keep up with the replies, losing track of a few domain donations across the various threads.
These new domains were added today:
doofenshmirtz-evil-incorporated.com feedme.newflesh.art science.commune.tel science.emenel.ca fragilealliance.org teslagraf.com terminalsciences.com cardboardprogrammer.com book.players1715.com
Thanks a lot for these contributions, they join the others in significantly increasing the haul size and resilience
Pleased to share Tarpit TV. Now you can tune in to all the good work that your contributed domains are doing, as countless trapped AI crawlers eat model-noodling trash served from your domains, line by line, and in shiny Technicolor (TM)
rtmp://scienceispoetry.net/live/tarpit
You can use VLC or any other stream player.
If not CLI shy, with ffmpeg installed & on Unix:
`ffplay rtmp://scienceispoetry.net/live/tarpit`
Worth mentioning Tarpit TV should also work for every domain on the https://scienceispoetry.net landing page (RIP geocities).
For instance:
rtmp://dreckiger.schleimpilz.ch/live/tarpit
rtmp://tender.horse/live/tarpit
rtmp://sales.luddite.academy/live/tarpit
Status: 9M hits from AI crawlers, <0.1% human.
---
My first server was Apache on Suse Linux, in yr 2000. I've since deployed numerous webservers, many high traffic
Never guessed I'd one day be deploying a web project almost entirely for bots.
This is a view under the hood; the web is now more bot than human.
Our ideas, expressions, work, are being stolen for simulation & profit by a handful of companies, & at a scale comparable to deep-sea trawling.
It is our moral imperative to fight back.
Everyone is giving out a big hurrah for old style web with blogs and sites. No one could justify this for a blog they're running themselves. These traffic costs are not affordable for small or vanity web, unless they knew how to fight this. And, lets face it, someone doing a portfolio or a blog is not going to learn how to stave off the hoards.
Doing the math for me, if I did not have the firewall up like it is, I'd have to pay at least 3x more for my site a month. Most likely more since they'd keep hitting me when they knew it was a success.
I really think the solution, instead of fail2ban and honeypots, is setting up bad data sites that are very attractive to the bots. The recursive nature of searches and data selling databases would send that bad data to the top of the heap in short order. Once that happens enough, they would end up rethinking this scraping behaviour. It wouldn't be a simple low roi it would be a net loss every time they scraped.
@mgiraldo Very kind! All domains are welcome. All that is required are the following records:
A: 95.216.76.85
AAAA: 2a01:4f9:2b:c83::2
Once set, let me know and I'll do the rest, then report back :-)
https://en.wikipedia.org/wiki/Anubis_(software) ??
recently helped deploy this on a mates old forum site that he keeps online for nostalgia and memories.. but it was getting hammered into the ground by bot army.. it appears to have helped substantially.
Have you tried feeding some of this back to the greynoise sensor network? Looking up the reputation of some of these IP addresses they seem squeaky clean but they're in your logs a lot.
eg
https://viz.greynoise.io/ip/74.7.243.50
@JulianOliver I feel for you. I am already fighting back. Last week, my Prometheus metrics hit the mark of 100 million requests from AI crawlers.
I'm using iocaine, and it helps a lot!
https://lukasrotermund.de/posts/fighting-ai-and-llms-with-iocaine/
@lukasrotermund Yikes, that is a lot of traffic. I took a look at Iocaine and it does look pretty good. Here's my approach for a very high volume tarpit:
so evil hehe@JulianOliver
🤣 👇
ffplay rtmp:/madhattercorp.com/live/tarpit
😵💫
@JulianOliver just have to say, some of the urls that pass by are pure gold
@pratched I thought they would have given up on the project's destination IP, or even the canonical domain, long ago. And yet they just keep going, and at a rate that even increases.
My emerging belief is that - for all their billions of dollars - this scraping is entirely automated, with next to no oversight. At least for now.
@JulianOliver ah yes! dystroy's tools are so cool!!! ✨
(i forgot about rhit because it's not in the debian repos, yet 😅)
@mgiraldo Answering that in earnest would require knowing more than I do about the unique model training approaches of each LLM. As a guess it may not be as poisonous as Markov content from well know corpuses like popular books, or famous papers. However some of the bigger bots seem good at detecting this, and so drop-off anyway. I had poor retention results this way.
There may be references, faux terms & partials in randomly produced sentences that could sneak in to training datasets.
@JulianOliver one strategy to defend against this. A tiny bit memory intensive but I think manageable.
This is not for your project but for anyone defending against I scrapers.
Crawler A pulls page A and gets a link to page B. This is specific to the request and invisible in the page or else try to only serve up to crawlers.
Crawler B tries to pull page B but we know it never pulled page A so can't know about it. Ban both A and B.
This has to check source IP and keep track of that. But!
@JulianOliver found another great one. Maybe the greatest of all time:
https://madhattercorp.com/blog/hasnt/digitizer%20provided%20obsoleteness
Julian Oliver
г ⲉ τ e c Ⴙ
mgiraldo
FKA ZOG
Future Sprog
Lukas Rotermund
themadhatter
Kevin
David LeP0le
pratched
gregsted
Tom
Aleph Two
malte
Feral 3D
[SUBJECT_NAME_HERE]
PsySal
Scott Murray 
🍋 Superball ☀️
neoluddite