Michael Buckbee
28 Mar 2024
This week: how to (and whether you should) block AI bots from accessing your site, our experience migrating the backend of our application to Jumpstart Pro, and why you should be very cautious about handling DS_Store files.
Should you be blocking AI data-gathering bots from your site? The answer is not as straightforward as it seems.
For each site, you need to consider:
To top it off, since AI bots don’t show up in analytics, you probably have no idea how many requests they make to your site daily.
As we’re trying to bring more awareness to the problem, we’re sharing the guide on socials:
Not on either of those? Email support@wafris.org and we will send you a copy.
If you’re a current Wafris user (at any plan level), you now have access to a new Ruleset specifically for blocking AI bots.
Log into your Wafris account at https://hub.wafris.org, choose “Ruleset,” and then “Apply.”
This week, we published our experience of migrating the backend of our management site to Jumpstart Pro. This has been a great time saver for us as we didn’t need to burn dev cycles on already-solved problems.
Read more here: https://wafris.org/guides/our-experience-migrating-to-jumpstart-pro
If you use a Mac and git, double-check that ".DS_Store" files are in your .gitignore. Why? 🤷🏻♂️
Bots search specifically for these files because they contain listings of all the other files in their directory, potentially exposing sensitive information.
As further protection: add a Wafris path rule to block any requests containing “DS_Store”.
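One way to run that double-check on a repository, as an added example (not Wafris code; the `ds_store_audit` name and its return codes are conventions assumed here). It covers two cases the `.gitignore` line alone misses: a rule that only matches the repo root, and `.DS_Store` files that were committed before the rule existed.

```shell
#!/bin/sh
# Added example, not Wafris code. ds_store_audit is a hypothetical helper.
# Return codes (a convention chosen for this example):
#   0 = .DS_Store is ignored at every depth and none are tracked
#   1 = the ignore rules do not cover .DS_Store at every depth
#   2 = .DS_Store files are already tracked (an ignore rule will not untrack them)
#   3 = not a git work tree
ds_store_audit() {
    repo="${1:-.}"
    status=0
    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
        echo "not a git work tree: $repo" >&2
        return 3
    }

    # Skip the personal global ignore file, which teammates and CI do not
    # share. --no-index evaluates the patterns even for tracked paths.
    # Probing a nested path catches root-only rules such as "/.DS_Store".
    for probe in .DS_Store nested/dir/.DS_Store; do
        if ! git -C "$repo" -c core.excludesFile=/dev/null \
                check-ignore -q --no-index "$probe"; then
            echo "NOT IGNORED: $probe (add a '.DS_Store' line to .gitignore)"
            status=1
        fi
    done

    # .gitignore only affects untracked files, so list what is already in
    # the index and would still be committed and deployed.
    tracked=$(git -C "$repo" ls-files | grep -E '(^|/)\.DS_Store$' || true)
    if [ -n "$tracked" ]; then
        echo "TRACKED (remove with: git rm --cached <path>):"
        echo "$tracked" | sed 's/^/  /'
        status=2
    fi
    return "$status"
}
```

Call it as `ds_store_audit /path/to/repo`; a non-zero return makes it usable as a pre-commit or CI gate.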
Whether you’re moving towards SOC2 compliance, need to block AI bots or just aren’t sure how to handle an influx of “weird” traffic in your logs, there is a clear trend: you don’t want to deal with any of this.
That is where we come in: Wafris is specifically designed to help take the security burden off of solo devs and small teams via our security automation and integrated incident response support.
So, if you’re dealing with issues you’d rather not this week, talk to us so you can get back to doing more of the work you like:
We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:
Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org.
Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup
If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org