5 Anti-Scraping Techniques You May EncounterFriday, August 09, 2019
With the advent of big data, people start to obtain data from the Internet for data analysis with the help of web crawlers. There are various ways to make your own crawler: extensions in browsers, python coding with Beautiful Soup or Scrapy, and also data extraction tools like Octoparse.
However, there is always a coding war between spiders and anti-bots. Web developers apply different kinds of anti-scraping techniques to keep their websites from being scraped. In this article, I have listed the five most common anti-scraping techniques and how they can be avoided.
One of the easiest ways for a website to detect web scraping activities is through IP tracking. The website could identify whether the IP is a robot based on its behaviors. when a website finds out that an overwhelming number of requests had been sent from one single IP address periodically or within a short period of time, there is a good chance the IP would be blocked because it is suspected to be a bot. In this case, what really matters for building an anti-scraping crawler is the number and frequency of visits per unit of time. Here are some scenarios you may encounter.
Scenario 1: Making multiple visits within seconds. There's no way a real human can browse that fast. So, if your crawler sends frequent requests to a website, the website would definitely block the IP for identifying it as a robot.
Solution: Slow down the scraping speed. Setting up a delay time (e.g. "sleep" function) before executing or increasing the waiting time between two steps would always work.
Scenario 2: Visiting a website at the exact same pace. Real human does not repeat the same behavioral patterns over and over again. Some websites monitor the request frequency and if the requests are sent periodically with the exact same pattern, like once per second, the anti-scraping mechanism would very likely be activated.
Solution: Set a random delay time for every step of your crawler. With a random scraping speed, the crawler would behave more like how humans browse a website.
Scenario 3: Some high-level anti-scraping techniques would incorporate complex algorithms to track the requests from different IPs and analyze their average requests. If the request of an IP is unusual, such as sending the same amount of requests or visiting the same website at the same time every day, it would be blocked.
Solution: Change your IP periodically. Most VPN services, cloud servers, and proxy services could provide rotated IPs. When requests are being sent through these rotated IPs, the crawler behaves less like a bot, which could decrease the risk of being blocked.
About web scraping challenges:
Have you ever seen this kind of image when browsing a website?
1.Need a click
2.Need to select specific pictures
3.Need to type in/select the right string
These images are called Captcha. Captcha stands for Completely Automated Public Turing test to tell Computers and Humans Apart. It is a public automatic program to determine whether the user is a human or a robot. This program would provide various challenges, such as degraded image, fill-in-the-blanks, or even equations, which are said to be solved by only a human.
This test has been evolving for a long time and currently many websites apply Captcha as anti-scraping techniques. It was once very hard to pass Captcha directly. But nowadays, many open-source tools can now be applied to solve Captcha problems though they may require more advanced programming skills. Some people even build their own feature libraries and create image recognition techniques with machine learning or deep learning skills to pass this check.
It is easier to not trigger it than solve it
For most people, the easiest way is to slow down or randomize the extracting process in order to not trigger the Captcha test. Adjusting the delay time or using rotated IPs can effectively reduce the probability of triggering the test.
3. Log in
Many websites, especially social media platforms like Twitter and Facebook, only show you information after you log in to the website. In order to crawl sites like these, the crawlers would need to simulate the logging steps as well.
After logging into the website, the crawler needs to save the cookies. A cookie is a small piece of data that stores the browsing data for users. Without the cookies, the website would forget that you have already logged in and would ask you to log in again.
Moreover, some websites with strict scraping mechanisms may only allow partial access to the data, such as 1000 lines of data every day even after log-in.
Your bot needs to know how to log-in
1) Simulate keyboard and mouse operations. The crawler should simulate the log-in process, which includes steps like clicking the text box and "log in" buttons with mouse, or typing in account and password info with the keyboard.
2) Log in first and then save the cookies. For websites that allow cookies, they would remember the users by saving their cookies. With these cookies, there is no need to log in again to the website in the short term. Thanks to this mechanism, your crawler could avoid tedious login steps and scrape the information you need.
3) If you, unfortunately, encounter the above strict scaping mechanisms, you could schedule your crawler to monitor the website at a fixed frequency, like once a day. Schedule the crawler to scrape the newest 1000 lines of data in periods and accumulate the newest data.
UA stands for User-Agent, which is a header for the website to identify how the user visits. It contains information such as the operating system and its version, CPU type, browser, and its version, browser language, a browser plug-in, etc.
An example UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
When scraping a website, if your crawler contains no headers, it would only identify itself as a script (e.g. if using python to build the crawler, it would state itself as a python script). Websites would definitely block the request from a script. In this case, the crawler has to pretend itself as a browser with a UA header so that websites could provide access for it.
Sometimes website shows different pages or information to different browsers or different versions even if you enter the site with the same URL. Chances are the information that is compatible with one browser while the other browsers are blocked. Therefore, to make sure you can get into the right page, multiple browsers and versions would be required.
Switch between different UA's to avoid getting blocked
Change UA information until you find the right one. Some sensitive websites which apply complex anti-scraping techniques may even block the access if using the same UA for a long time. In this case, you would need to change the UA information periodically.
So how could you know whether a website applies AJAX?
A website without AJAX: The whole page would be refreshed even if you only make a small change on the website. Usually, a loading sign would appear, and the URL would change. For these websites, we could take advantage of the mechanism and try to find the pattern of how the URLs would change. Then you could generate URLs in batches and directly extract information through these URLs instead of teaching your crawler how to navigate websites like humans.
A website with AJAX: Only the place you click will be changed and no loading sign would appear. Usually, the web URL would not change so the crawler has to deal with it in a straightforward way.
For some complex websites developed by AJAX, special techniques would be needed to find out unique encrypted ways on those websites and extract the encrypted data. Solving this problem could be time-consuming because the encrypted ways vary on different pages. If you could find a browser with build-in JS operations, then it could automatically decrypt the website and extract data.
Web scraping and anti-scraping techniques are making progress every day. Perhaps these techniques would be outdated when you are reading this article. However, you could always get help from us, from Octoparse. Here at Octoparse, our mission is to make data accessible to anyone, in particular, those without technical backgrounds. As a web-scraping tool, we can provide you ready-to-deploy solutions for all these five anti-scraping techniques. Feel free to contact us when you need a powerful web-scraping tool for your business or project!
Author: Jiahao Wu
Megan Mary Jane. 2019. How to bypass anti-scraping techniques in web scraping. Retrieved from: https://bigdata-madesimple.com/how-to-bypass-anti-scraping-techniques-in-web-scraping/