Logo

SudoVersity

SudoMistress
Feb 1, 2025

AI Bots Irritate Me

I help a lot of people with their websites. The frameworks/platforms range from WordPress to complex JAMStacks. Some are simple blogs, others complex applications. Many I do not host, but a few I do. For each case, I have monitoring set up with UptimeRobot to let me know when it’s not reachable.

Friday, I received a notification that a site I watch was down with a 403 (permission denied) error and then immediately received an email from the hosting provider, HostArmada, about an issue with SQL queries.

Let me state that I have an insane amount of respect for HostArmada. I highly recommend them if you need hosting for a single site, or a VPS. And they are incredible for their managed WordPress hosting solutions. So many individuals I help end up hosted there.

HostArmada’s internal monitoring reported a WordPress site had performed more than 160,000 SQL queries in ~10 minutes. They immediately put a block on the site to save resources for other sites I have hosted on that server as well.

I was incredibly perplexed, because the site in question gets no more than 200-300 visits per month. So for it to go bonkers like that, my spidey sense started tingling.

Enter the bot

I headed to the graphs at both the server and CloudFlare level to look at the traffic. Holy macaroni, I did not expect this.

IMAGE

Image Credit: SudoMistress
IMAGE

Image Credit: SudoMistress

Heading over to CloudFlare, I ticked the “Under Attack” mode on and went to investigate.

Love logs

Into the logs I went. I found line, after line of this:

CODE 
4.227.36.65 - - [31/Jan/2025:12:25:39 +0100] "GET /en/search/%25252525252525252525257Bsearch_ter/feed/rss2/ HTTP/1.1" 200 580 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)"

…and…

CODE 
4.227.36.65 - - [31/Jan/2025:12:25:39 +0100] "GET /?s=%252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525 HTTP/1.1" 200 7322 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)"

…and it just kept going.

Block all the things

With a bit of digging I found the published CIDR blocks for OpenAI gptbot.

To fix this problem, I implemented a rule at the CloudFlare level to block any IP in those blocks.

Everything’s fine now, but man, I hate AI bots.