What is content scraping? | Web scraping

内容抓取或网页抓取是指机器人从网站上下载或"抓取"所有的内容,并通常为了恶意使用该内容。

学习目标

阅读本文后,您将能够:

  • 了解什么是内容抓取
  • 了解网页抓取机器人的工作原理
  • 阐释攻击者为何会抓取内容
  • 了解如何防止内容抓取

复制文章链接

What is content scraping?

Content Scraping Bot

Content scraping, or web scraping, refers to when a bot downloads much or all of the content on a website, regardless of the website owner's wishes. Content scraping is a form of data scraping. It is basically always carried out by automated bots. Website scraper bots can sometimes download all of the content on a website in a matter of seconds.

Content scraping bots are often used to repurpose content for malicious purposes, such as duplicating the content for SEO on websites the attacker owns, violating copyrights and stealing organic traffic. Content scraping may involve filling out and submitting forms to access additional gated content, and as a byproduct this results in junk data in a company's database. Additionally, fulfilling HTTP requests from bots takes up server resources that could otherwise be dedicated to human users.

How do bots scrape content?

A website scraper bot will generally send a series of HTTP GET requests and then copy and save all the information that the web server sends in reply, making its way through the hierarchy of a website until it's copied all the content.

More sophisticated scraper bots can use JavaScript to, for instance, fill out every form on a website and download any gated content. "Browser automation" programs and APIs allow automated bot interaction with websites and APIs as if they were using a traditional web browser in an attempt to trick the website’s server into thinking a human user is accessing the content.

Sure, an individual could manually copy and paste an entire website instead, but bots can crawl and download all the content on a website often in a matter of seconds, even for large sites like e-commerce sites with hundreds or thousands of individual product pages.

What kinds of content do content scraping bots target?

Bots can scrape anything posted publicly on the Internet – text, images, HTML code, CSS code, and so on. Attackers can use the scraped data for a variety of purposes. Text can be reused on another website to steal the first website's search engine ranking, or to deceive users. An attacker could use a website's HTML and CSS code to duplicate the look of a legitimate website, or the branding of another company. Cyber criminals can use stolen content to create phishing websites that trick users into entering personal information by looking like the real version of another website.

What other kinds of web scraping are there?

Contact scraping

This refers to scanning websites for contact information such as phone numbers and email addresses, and then downloading that information. Email harvesting bots are a type of scraper bot that specifically target email addresses, usually for the purpose of finding new targets for spam.

Price scraping

This is when one company downloads all the pricing information from a competitor company's website so that they can adjust their own pricing accordingly.

See What is data scraping? to learn more.

How can companies prevent web scraping?

Bot Management solutions can identify bot behavior patterns and mitigate bot scraping activities, often with the help of machine learning. Rate limiting can also help prevent content scraping: A real user is not likely to request the content of several hundred pages in a few seconds or minutes, and any "user" making requests that quickly is likely a bot. CAPTCHA challenges can also help sort out the real users from the bots.

Cloudflare Bot Management is designed to block content scraping attacks, along with bot mitigation for other kinds of malicious traffic. Unlike rate limiting or CAPTCHA solutions, the machine-learning-based Cloudflare Bot Management can identify bots based on behavioral patterns, resulting in less friction for users and fewer false positives (users accidentally identified as bots).Smaller organizations can also block content scraping attacks and gain visibility into their bot traffic with Super Bot Fight Mode, now available on Cloudflare Pro and Business plans.