Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Txp human detection
skewray wrote #340620:
I would have to switch hosting services, which I don’t really want to do. My hosting service does have something similar. Second, I don’t think Cloudflare stops the bots in question.
You’d need to switch your name servers to Cloudflare, and then Cloudflare handles your DNS records. Assuming your domain registrar allows you to change name servers to Cloudflare, you’re golden – no change of hosting company needed.
The process is:
- Add domain to Cloudflare (no changes to existing DNS yet)
- Cloudflare detects existing DNS records, imports them into its system (no changes to existing DNS yet)
- Cloudflare tells you the 2x name servers for your domain (no changes to existing DNS yet)
- You switch your domain to use the Cloudflare name servers (this switches DNS to Cloudflare)
- You then start using Cloudflare for your DNS records stuff.
I can do a screencast example if you’d like to see how it’s done.
For those with Cloudflare, does it stop bots coming from an ISP that do a single access and never come back? Can you check your logs?
Cloudflare has all manner of checks for bots, even on the free tier. You get more granularity & services if you pay them, but the free tier is absolutely fine for a lot of people who don’t want to worry about most bots. It won’t stop proper search bots checking your site, so you’re unlikely to lose any SERPs ranking as a result.
I use Cloudflare for almost all my sites DNS since it’s reliably the fastest (or top 3) DNS resolver. I don’t personally use the protection side of things, but I know if / when I get trounced by whatever invasion, I can flip a switch and get a heap of stuff at my disposal.
And you can always switch your name servers back again, you’re not beholden to Cloudflare for anything going forward.
Offline
Re: Txp human detection
I set Cache-Control: no-cache,no-store,max-age=0 in both .htaccess and the php code. Very belt-and-suspenders. No change in behaviour; it still loads a cookie but refreshes to human.php content. Caching doesn’t seem to be the (only) issue.
Last edited by skewray (2025-09-23 17:13:08)
Offline
Re: Txp human detection
Cloudflare: I checked; my hosting does not allow a change in DNS server. I guess I could ask them if they could make a special hole for me. They’ve done stuff like that before.
I am, however, slightly skeptical that Cloudflare will block the agents that are irritating me. I am trying to protect intellectual property from becoming LLM fodder; I think Cloudflare’s main intent is to prevent high server loads. Am I wrong here?
Offline
Re: Txp human detection
I tried:
RewriteRule "^articles/.+" human.php?tt=%{TIME} [QSA,L,R=302]It still reloads human.php. Mysteries!
(I’ve only tested with Firefox. Could be that, but it should work in every browser anyway.)
Last edited by skewray (2025-09-25 15:21:58)
Offline
Re: Txp human detection
skewray wrote #340627:
Cloudflare: I checked; my hosting does not allow a change in DNS server. I guess I could ask them if they could make a special hole for me. They’ve done stuff like that before.
May I ask which domain(s) is / are affected? It’s a domain registrar thing rather than a hosting thing, and I can’t recall ever seeing a domain registrar locking down name servers so they can’t be changed.
(Room read: I’m aiming for ‘helpful’ not ‘pedantic’.)
I am, however, slightly skeptical that Cloudflare will block the agents that are irritating me. I am trying to protect intellectual property from becoming LLM fodder; I think Cloudflare’s main intent is to prevent high server loads. Am I wrong here?
There’s nothing stopping you going belt + braces with Cloudflare + your own server-side efforts. It’s possible there’s more to the bot traffic that’s outside the scope of the logs, and it’s possible that it’s not just you being affected by it…so it’s possible Cloudflare have something in place to stop some / most / all of it already. For the sake of a name server switch to Cloudflare for 24 hours or so for an A / B check on your traffic, I’d consider doing it. Factor in your time and defensive measures already in place, and it might pay off.
…and worst case scenario, just flip your name servers back, and you’re out of Cloudflare. Done.
Offline
Re: Txp human detection
Since I only tinker with DNS records once a decade, all knowledge drains out of my brainpan. Previously I was looking at the DNS records at my hosting provider, which, in fact, does not hold my DNS records. My DNS records at my email provider have an “A” record that points to an IP address at my hosting provider. Cool. I assume that I tell Cloudflare about that IP address, so that my website doesn’t become unmoored from the universe. I may try this at some point.
Offline
Re: Txp human detection
skewray wrote #340627:
I am, however, slightly skeptical that Cloudflare will block the agents that are irritating me. I am trying to protect intellectual property from becoming LLM fodder; I think Cloudflare’s main intent is to prevent high server loads. Am I wrong here?
Cloudflare has specific rules and protocols for blocking LLM training bots: https://developers.cloudflare.com/bots/concepts/bot/#ai-bots
This is totally free as well. As for your DNS migration to Cloudflare, it’s incredibly simple! You just plug your domain in and it pulls your existing records. All you have to do is set new nameservers on your domain registrar. I highly recommend letting cloudflare manage your DNS, as it is very low latency DNS with a lot of free tools. And, if you wanted to let cloudflare handle your domain registration – they actually charge you at-cost, no additional fees. (no affiliation with cloudflare, just a very happy free customer)
Offline
Re: Txp human detection
Found a list of bad, and not so bad (see comments) bots that may be of interest to you.
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Online
Re: Txp human detection
I’ve seen this bot list before. But bad bots that identify themselves have become extremely rare. I already reject/accept all the self-identifying bots that I’ve seen come by my site. It’s the ones that pretend to be people that I am working on.
This week, I had googlebot come by, as well as another bot pretending to be a browser. They had the same IP address. Isn’t that interesting?
Offline
Re: Txp human detection
Bloke wrote #340548:
Inserting variables inside PHP blocks can be done in a few ways. From least to most future-proof:
<txp:variable name="my_var" value="Hello world" />...
<txp:variable name="my_var" value="Hello world" />...
<txp:variable name="my_var" value="Hello world" />...
Out of interest, as it came up in the other thread, can you also make txp:php pass its output into a variable?
I know you can do:
<txp:variable name="my_var" trim>
<txp:php>
echo "something";
</txp:php>
</txp:variable>and
<txp:php>
global $variable;
$variable['my_var'] = "something";
</txp:php>but is there also a way via an attribute?
TXP Builders – finely-crafted code, design and txp
Offline
Re: Txp human detection
In 4.9, the variable attribute is global and should do exactly what you need:
<txp:php variable="my_var">
echo "something";
</txp:php>Offline
Re: Txp human detection
etc wrote #340714:
In 4.9, the
variableattribute is global and should do exactly what you need:
<txp:php variable="my_var">...
Brilliant. It does! I tried it with the name attribute and had no luck, hence my question Using variable as the attribute makes complete sense.
TXP Builders – finely-crafted code, design and txp
Offline