Today in my logs I see the site anticrawler.org at "incoming" list. Well, people come to me from search engines and specific sites, usually, the single click from unknown site catch my eye.
I get to this URL, and see a single page site. No links, no pictures, just a "promotion" to put in my codes an foreign JS code.
Here starts phenomenons...
How someone "come" to me from a site with no entrance? Where it comes from? No inside pages, and on home page don't stay my URL, so no way someone to click it...
But there is "bots and crawlers protection code"... using "unique technology". Let we think about...
If you want to crawl my page, (and any other page) you will load HTML first. Then you will parse it to find URLs of pictures, JS codes etc... But you HAVE to load HTML to find them. Means, "the protection" will run AFTER you already crawl the page. Strange, and yeah, unique technology...
Moreover, JS must be loaded and must be parsed and executed, to run "the protection". If you are a bot, who just wants to crawl my pages to find emails, for example, will you care about JS code at all?
SO, this is NOT a protection. This code can do much of harm to you, your site and your visitors. Let me list why:
Unknown JS code runs on my page, inside a browser. Can show unwanted ads, for example. An this is just beginning... Can run anything else, like a bot-net client, virus spreading malware, cracking code...
But I got a click from this domain. So looks like the bogus JS code runs a crawler code. Clever idea, guys, to hide a crawler as "anti crawler protection"... It checks my site, maybe "just" crawling, but maybe also searching for the code itself, to do "something" else. I would be curious to know...
Beware unchecked code. Trust nobody, do all possible checks yourself.