With Pascal being my first "adult" language, not used in 20 years ... it is surprising how readable that code is. Makes me wish for such simpler times.
Is there a reason for using Selenium over something like Playwright? I haven't had very many positive experiences with selenium, and playwright I found is easier to use and more flexible.
There's quite a few ways to figure out that a browser is a bot, and I don't think replacing a few values like this does much. Not asking you to reveal any tricks, just saying that if you're using something like Playwright, you can e.g. run scripts in the browser to adjust your fingerprint more easily.
I am quite aware, but I actually built most of the scraping logic a long time ago, before I even knew that playwright was a thing.
I am looking to refactor a lot of this, and switching over to playwright is a high priority, using something like camoufox for scraping, instead of just chromium.
Most of my work on this the past month has been simple additions that are nice to haves
I was in a similar boat with my scrapers. Started with Selenium 5-6 years ago and only discovered Playwright 2 years ago. Spend a month or so swapping the two, which was well worth it. Cleaner API, async support.
With the custom headers, you can actually trick a lot of sites with bot protection to let you load their sites (even big sites like youtube, which I have found success in)
Another cool trick is to deny all the content types you don't care about in your playwright.
so if you only want text why bother allowing requests for fonts, css, svgs, images, videos, etc
Just request the html and cap down all the other stuff
PS: I also think this has the nice side-effect of you consuming less resources (that you didnt care about/need anyways) from the server, so win win
Not a web scraper, but a web crawler software. Allows to specify method of crawling, selenium, and others. Returns data in JSON (status code, text contents, etc).
> extract data from websites with precision using XPath selectors.
I've used XPath for crawling with selenium, and it used to be my favorite way, but turned out quite unreliable if you don't combine it with other selectors as certain website are really badly designed and have no good patterns.
So what's the added value over pure selenium?
I used to scrape back in the day when it was easy (literally just make a request and parse html). Seems cloudflare checkboxes / human verification are very commonplace nowdays. Curious how(/if) web scrapers get around those?
1. Clicking the box programmatically – possible but inconsistent
2. Outsourcing the task to one of the many CAPTCHA-solving services (2Captcha etc) – better
3. Using a pool of reliable IP addresses so you don't encounter checkboxes or turnstiles – best
I run a web scraping startup (https://simplescraper.io) and this is usually the approach[0]. It has become more difficult, and I think a lot of the AI crawlers are peeing in the pool with aggressive scraping, which is making the web a little bit worse for everyone.
[0] Worth mentioning that once you're "in" past the captcha, a smart scraper will try to use fetch to access more pages on the same domain so you only need to solve a fraction of possible captchas.
First time hearing of the fetch() approach! If I understand correctly, regular browser automation might typically involve making separate GET requests for each page. Whereas the fetch() strategy involves making a GET for the first page (just as with regular browser automation), then after satisfying cloudflare, rather than going on to the next GET request, use fetch(<url>) to retrieve the rest of the pages you're after.
This approach is less noisy/impact on the server and therefore less likely to get noticed by bot detection.
This is fascinating stuff. (I'd previously used very little javascript in scrapes, preferring ruby, R, or python but this may tilt my tooling preferences toward using more js)
Almost. I mean it's not like fetch(..) is going to lead to some esoteric kind of HTTP request method. I am guessing parent comment is saying what it is saying because fetch will utilize the cookies and other crumbs set by the successful completion of the captcha. If you can take all those crumbs and include it in your next GET request, you don't need to resort to utilizing fetch.
Scammers will use fingerprints from their victims browser/IP/geolocation to try and impersonate them, you basically can buy not only stolen credentials but also the environment in which to run them -safely- from such vendors
Some CDNs go to the length of fingerprinting the TLS and HTTP/2 handshakes to see if you're a bot. As others have mentioned, using an automated browser tends to be the broadest solution.
Low effort baseline would be https://seleniumbase.io/, to drive a preconfigured web browser that looks relatively human to the network service. Typically it just clicks through the one-click captcha:s.
If that's not good enough you'll likely have to fiddle with your own web driver and possibly a computer vision rig to manage to click through 'find the motorcycle' kind of challenges. Paying a click farm to do it for you is probably cheaper in the short run.
An important hurdle is getting reputable IPv4 addresses to do it from, if you're going to do it a lot. Having or renting a botnet could help, but might be too illegal for your use case.
Funny, I saw this HN headline just after banning another scraper's IP range
You're welcome to scrape my sites but please do it ethically. Idk how to define that but some examples of things I consider not cool:
- Scraping without a contact method, or at least some unique identifier (like your project's codename), in the user agent string.
This is common practice, see e.g.: <https://en.wikipedia.org/wiki/User-Agent_header#Format_for_a...>. Many sites mention in public API guidelines to include an email address so you can be contacted in case of problems. If you don't include this and you're causing trouble, all I can do is ban your IP address altogether (or entire ranges: if you hop between several IPs I'll have to assume you have access to the whole range). Nobody likes IP bans: you have to get a new IP, your provider has a burned IP address, the next customer runs into issues... don't be this person, include an identifier.
- Timing out the request after a few seconds.
Some pages on my site involve number crunching and take 20 seconds to load. I could add complexity to do this async instead, but, by having it live, the regular users get the latest info and they know to just wait a few seconds and everybody is happy. Even the scrapers can get the info, I'm fine computing those pages for you. But if you ask for me to do work and then walk away, that's just rude. It shows up in my logs as HTTP status 499 and I'll ban scrapers that I notice doing this regularly
- Ignoring robots.txt.
I have exactly 1 entry in there, and that's a caching proxy for another site that is struggling with load. If you ignore the robots file and just crawl the thing from A to Z at a high rate, that causes a lot of requests to the upstream site for updating stale caches. You can obviously expect a ban because it's again just a waste of resources
There is no automation, I use `tail -f access.log`
I just look at what's happening on my server every now and then. Sometimes not for months, but then when I set up a project like that caching proxy, I'm currently keeping a more regular eye to see that crawlers aren't bothering the upstream via me. Most respect the robots policy, most of the ones that don't set a user agent string that include the word 'bot' and so I know not to refresh the cache based on that request. So far it has mostly been Huawei who pretend to be a regular user but request millions of pages (from 12 separate IP ranges so far, some of them bigger than /16, some of them a handful of /24s).
> Could you say more about how to identify these bad-bots?
Many requests per day to random pages from either the same IP address (range), or ranges owned by the same corporation
Interesting. Our open-source platform [1] has the capacity to help with all of this through a GUI and rule engine, but I'm still concerned about whether we should present this way of bot hunting as a feature. I worry that this approach may be irrelevant in today's context.
As I can see, there is already a heavy wave of new AI/startup/VC etc. data companies that goes beyond the data consumption expectations of websites in the pre-AI era.
However, I see the development of new bot types that tackle security in more aggressive ways. It's not just simple SQL injection as it was before, but more sophisticated and custom bots that not only request but also push a lot.
Or just a couple of days ago, I found a new type of bot that "brute-forces" website folder structure. ~205,000 requests in a couple of days.
These new bots are probably not directly the work of AI, but they seem to be a consequence of it.
We use tirreno [1] to manually and automatically analyze traffic and block unwanted bots. Although bot management is not currently listed as an official feature, it works well and is particularly helpful in complex bot hunting.
What sort of pages require 20 seconds to generate? This is extremely slow by most web standards and even your users would be frustrated by this. It sounds like poorly designed database queries with unindexed joins.
Google will also abandon page loads that take too long, and will demote rankings for that page (or the entire site!)
> It sounds like poorly designed database queries with unindexed joins
Neither of those assumptions are correct. As an example, one page needs to look through 2.5 million records to find where the world record holder changed because it provides stats on who held the most records, held them for the greatest cumulative time, etc. The only thing to do would be introducing caching layers for parts of the computation, but for the number of users this system has, it's just not worth spending more development time than I already have. Also keep in mind it's a free web service and I don't run ads or anything, it's just a fan project for a game
> Google will ... demote rankings for that page (or the entire site!)
Google employs anticompetitive practices to maintain the search monopoly. We need more diversity in search engines, I don't know how else to encourage people to use something instead of, or at least in addition to, Google, besides by making Google Search just not competitive anymore. Google's crawler cannot access my site in the first place (but their other crawlers can; I'm pretty selective about this). My sites never show up in Google searches, on purpose
It's also not the whole site that's slow, it's when you click on a handful of specific pages. If that makes those pages not appear in search results, that's fine. Besides that it's not my loss, it's not like any other site has the info so people will find their way to the main page and click on what they want to see
Like I said then, you need indexes on those columns which you filter on in this table. Search a table of 2.5 million records for a value is still blazing fast if you use indexes correctly. I’m talking about 0.01 seconds or less. Even with tables much larger.
I agree about Google being shit. However, my website makes my living, and feeds and clothes my children, so I have to play along to their rules, or suffer.
Please take your slowest performing query and run it with EXPLAIN in front. And share that (or dump it into an LLM and it will tell you have to fix it)
You need to drive and fine tune a Ferrari because it feeds your family. The OP just drive a nice little car, because it is fun to drive and he enjoys it. He could extract another +5% of torque by fine tuning, but he does not care, this is not where his joy is and where he wants to spend his time.
You have very strong opinions about a site you effectively know nothing about.
Instead of immediately concluding that the person actually building the system is an incompetent fool who doesn't know any better, maybe work on the assumption that they know what they're doing, and have already considered the various trade-offs.
If nothing else, that would be considerably less obnoxious.
> It sounds like poorly designed database queries with unindexed joins.
I find it amusing that you think every database operation imaginable can be performed in less than 20 seconds if we throw in a few indexes. Some things are slow no matter how much you optimise them.
The GP could have implemented them as async endpoints, or callbacks, but obviously they've already considered those options.
It's the kind of prescriptive cargo culting that is responsible for a significant fraction of pain involved in software engineering, right up there with DRY and KISS and shitty management.
I bet the GP abstracts out a function the second there's a third callsite too, regardless of where it's used or how it will evolved - only to add an options argument and blow up the cyclomatic complexity three days later.
So what about flight searches where we have to query several 3rd party providers, and can take 45 seconds to get results from all of them (out of my control). I can dynamically update the page (and do) but a scraper would have to wait 20-45 seconds to get the 'cheapest' flight from my site. I can add async the queries and have the fastest pipes, but if the upstream providers take their time (they need to query their GDSs as well), there's not much you can do.
I find it unethical for a website robots.txt to allow-list particular search engines and ban all others. Essentially you are colluding with established search providers.
Not necessarily, I have a website with 95% (maybe even more) of the traffic generated by crawlers. If some of them are behaving badly, it is fair to exclude them with my robots.txt.
But of course, the ones behaving badly tend to not respect the robots.txt, so you end up banning the IP or IP block.
And here, I am a nice guy, the crawler must really be a piece of crap for me to start to block.
This rather bluntly runs up against the fact that permitting crawling is an expense the web operator is taking on, ergo, receiving that content is by definition a privilege not a right.
Does anyone know of a scraper that uses LLMs/natural language to build a deterministic, robust script that I can use to scrape the same site in the future? All of the natural language extractors I’ve seen so far need an LLM every time, but that seems unnecessary…
llm-scraper [1] does a decent job but it's still a bit fragile. The biggest problem I have is all the React CSS-in-JS libraries that use hashes in their class names, which the LLM isn't smart enough to ignore.
I mostly use it to aggregate event calendars for all the concert/sport/etc venues, meetups, and clubs in my area and do some other scraping tasks. I host a little wrapper around llm-scraper on a DigitalOcean droplet that I call from Val.town scripts
I only check most places once a week so I use the LLM to do the scraping but there are a few cases where I have to scrape thousands of pages very frequently so I use the more deterministic script it generates instead.
Anyone have any experience webscraping from a Starlink IP? My assumption is you could stay under the radar due to cg nat, but it's not exactly something I want to be the first to find out about.
Mobile 4g USB sticks you can usually rotate your IP address by reconnecting. I tried on a pi, it was inconsistent. This was just with some random test mobile plan from rando carrier renting off Verizon I think
Shameless plug: prefix any URL with https://pure.md/ to get the pure markdown of that page. Useful for direct piping into an LLM. Has bot detection avoidance, proxy rotation, and headless JS rendering built in.
pretty cool seeing people still tweak their own scraping tools, but the cat and mouse game never ends huh - you think the web ever gets more open again or just keeps locking down?
I would prefer if we'd build a programmable web that provides value without relying on "scraping" websites for content.
Most applications that do this are not well intended.
I am looking for a way to throw an address at a planning authority (UK) and download the associated documents for that property. Could this or another tool help?
A property can have multiple planning applications and under each many documents.
What I have found useful (saved me time and potential lost £££) is to take the documents, combine to single pdf and provide to Gemini 2.5 Pro and then ask it to validate against agent specification for a property.
Over the weekend found a place that was advertising a feature of the house that was explicitly prohibited through planning decision notice.
Called the Agent up on it who claimed no knowledge but said this would have come up through solicitor checks, which it would have done, much later down the process with more or my money spent and considerable time lost.
Of course all this possible without LLMs but just makes it easier/cheaper to check at scale.
Could just cut out the href-value with grep and sed or a bit of scripting, '.pdf' seems to only occur on those links.
I'd keep it simple like that until I need to do periodic comparisons, i.e. actually need scrapers and is prepared to build what's needed to automatically watch and process directories where the scrapers put the files.
iSloth | 8 months ago
smartmic | 8 months ago
[1] https://github.com/benibela/xidel
darkwater | 8 months ago
DocTomoe | 8 months ago
_QrE | 8 months ago
Also, for stuff like this:
`modified_value = original_value.replace("HeadlessChrome", "Chrome")`
There's quite a few ways to figure out that a browser is a bot, and I don't think replacing a few values like this does much. Not asking you to reveal any tricks, just saying that if you're using something like Playwright, you can e.g. run scripts in the browser to adjust your fingerprint more easily.
[OP] jpyles | 8 months ago
I am looking to refactor a lot of this, and switching over to playwright is a high priority, using something like camoufox for scraping, instead of just chromium.
Most of my work on this the past month has been simple additions that are nice to haves
michaeljx | 8 months ago
[OP] jpyles | 8 months ago
Currently working on a PR to swap over
nkozyra | 8 months ago
[OP] jpyles | 8 months ago
dotancohen | 8 months ago
anxman | 8 months ago
dotancohen | 8 months ago
tough | 8 months ago
Just request the html and cap down all the other stuff
PS: I also think this has the nice side-effect of you consuming less resources (that you didnt care about/need anyways) from the server, so win win
windexh8er | 8 months ago
[0] https://crawlee.dev/
kristopolous | 8 months ago
throwaway81523 | 8 months ago
stuffoverflow | 8 months ago
renegat0x0 | 8 months ago
[1] https://github.com/rumca-js/crawler-buddy
3abiton | 8 months ago
I've used XPath for crawling with selenium, and it used to be my favorite way, but turned out quite unreliable if you don't combine it with other selectors as certain website are really badly designed and have no good patterns. So what's the added value over pure selenium?
cess11 | 8 months ago
nomilk | 8 months ago
anxman | 8 months ago
welanes | 8 months ago
2. Outsourcing the task to one of the many CAPTCHA-solving services (2Captcha etc) – better
3. Using a pool of reliable IP addresses so you don't encounter checkboxes or turnstiles – best
I run a web scraping startup (https://simplescraper.io) and this is usually the approach[0]. It has become more difficult, and I think a lot of the AI crawlers are peeing in the pool with aggressive scraping, which is making the web a little bit worse for everyone.
[0] Worth mentioning that once you're "in" past the captcha, a smart scraper will try to use fetch to access more pages on the same domain so you only need to solve a fraction of possible captchas.
nomilk | 8 months ago
First time hearing of the fetch() approach! If I understand correctly, regular browser automation might typically involve making separate GET requests for each page. Whereas the fetch() strategy involves making a GET for the first page (just as with regular browser automation), then after satisfying cloudflare, rather than going on to the next GET request, use fetch(<url>) to retrieve the rest of the pages you're after.
This approach is less noisy/impact on the server and therefore less likely to get noticed by bot detection.
This is fascinating stuff. (I'd previously used very little javascript in scrapes, preferring ruby, R, or python but this may tilt my tooling preferences toward using more js)
Tokumei-no-hito | 8 months ago
therein | 8 months ago
tough | 8 months ago
gruez | 8 months ago
You can get a real browser[1] to check the box for you, then use the cookies in your "dumb" scraper.
[1] https://github.com/FlareSolverr/FlareSolverr
nicman23 | 8 months ago
ricardo81 | 8 months ago
cess11 | 8 months ago
If that's not good enough you'll likely have to fiddle with your own web driver and possibly a computer vision rig to manage to click through 'find the motorcycle' kind of challenges. Paying a click farm to do it for you is probably cheaper in the short run.
An important hurdle is getting reputable IPv4 addresses to do it from, if you're going to do it a lot. Having or renting a botnet could help, but might be too illegal for your use case.
lucb1e | 8 months ago
You're welcome to scrape my sites but please do it ethically. Idk how to define that but some examples of things I consider not cool:
- Scraping without a contact method, or at least some unique identifier (like your project's codename), in the user agent string.
This is common practice, see e.g.: <https://en.wikipedia.org/wiki/User-Agent_header#Format_for_a...>. Many sites mention in public API guidelines to include an email address so you can be contacted in case of problems. If you don't include this and you're causing trouble, all I can do is ban your IP address altogether (or entire ranges: if you hop between several IPs I'll have to assume you have access to the whole range). Nobody likes IP bans: you have to get a new IP, your provider has a burned IP address, the next customer runs into issues... don't be this person, include an identifier.
- Timing out the request after a few seconds.
Some pages on my site involve number crunching and take 20 seconds to load. I could add complexity to do this async instead, but, by having it live, the regular users get the latest info and they know to just wait a few seconds and everybody is happy. Even the scrapers can get the info, I'm fine computing those pages for you. But if you ask for me to do work and then walk away, that's just rude. It shows up in my logs as HTTP status 499 and I'll ban scrapers that I notice doing this regularly
- Ignoring robots.txt.
I have exactly 1 entry in there, and that's a caching proxy for another site that is struggling with load. If you ignore the robots file and just crawl the thing from A to Z at a high rate, that causes a lot of requests to the upstream site for updating stale caches. You can obviously expect a ban because it's again just a waste of resources
edoceo | 8 months ago
lucb1e | 8 months ago
I just look at what's happening on my server every now and then. Sometimes not for months, but then when I set up a project like that caching proxy, I'm currently keeping a more regular eye to see that crawlers aren't bothering the upstream via me. Most respect the robots policy, most of the ones that don't set a user agent string that include the word 'bot' and so I know not to refresh the cache based on that request. So far it has mostly been Huawei who pretend to be a regular user but request millions of pages (from 12 separate IP ranges so far, some of them bigger than /16, some of them a handful of /24s).
> Could you say more about how to identify these bad-bots?
Many requests per day to random pages from either the same IP address (range), or ranges owned by the same corporation
reconnecting | 8 months ago
[1] https://github.com/TirrenoTechnologies/tirreno
tough | 8 months ago
So i'd expect an uptick in bots as everyone races to try and compete with google on data hoarding
reconnecting | 8 months ago
However, I see the development of new bot types that tackle security in more aggressive ways. It's not just simple SQL injection as it was before, but more sophisticated and custom bots that not only request but also push a lot.
Or just a couple of days ago, I found a new type of bot that "brute-forces" website folder structure. ~205,000 requests in a couple of days.
These new bots are probably not directly the work of AI, but they seem to be a consequence of it.
reconnecting | 8 months ago
[1] https://github.com/TirrenoTechnologies/tirreno
VladVladikoff | 8 months ago
Google will also abandon page loads that take too long, and will demote rankings for that page (or the entire site!)
lucb1e | 8 months ago
Neither of those assumptions are correct. As an example, one page needs to look through 2.5 million records to find where the world record holder changed because it provides stats on who held the most records, held them for the greatest cumulative time, etc. The only thing to do would be introducing caching layers for parts of the computation, but for the number of users this system has, it's just not worth spending more development time than I already have. Also keep in mind it's a free web service and I don't run ads or anything, it's just a fan project for a game
> Google will ... demote rankings for that page (or the entire site!)
Google employs anticompetitive practices to maintain the search monopoly. We need more diversity in search engines, I don't know how else to encourage people to use something instead of, or at least in addition to, Google, besides by making Google Search just not competitive anymore. Google's crawler cannot access my site in the first place (but their other crawlers can; I'm pretty selective about this). My sites never show up in Google searches, on purpose
It's also not the whole site that's slow, it's when you click on a handful of specific pages. If that makes those pages not appear in search results, that's fine. Besides that it's not my loss, it's not like any other site has the info so people will find their way to the main page and click on what they want to see
VladVladikoff | 8 months ago
I agree about Google being shit. However, my website makes my living, and feeds and clothes my children, so I have to play along to their rules, or suffer.
Please take your slowest performing query and run it with EXPLAIN in front. And share that (or dump it into an LLM and it will tell you have to fix it)
Loic | 8 months ago
a_ko | 8 months ago
monooso | 8 months ago
Instead of immediately concluding that the person actually building the system is an incompetent fool who doesn't know any better, maybe work on the assumption that they know what they're doing, and have already considered the various trade-offs.
If nothing else, that would be considerably less obnoxious.
selcuka | 8 months ago
I find it amusing that you think every database operation imaginable can be performed in less than 20 seconds if we throw in a few indexes. Some things are slow no matter how much you optimise them.
The GP could have implemented them as async endpoints, or callbacks, but obviously they've already considered those options.
throwup238 | 8 months ago
I bet the GP abstracts out a function the second there's a third callsite too, regardless of where it's used or how it will evolved - only to add an options argument and blow up the cyclomatic complexity three days later.
beatthatflight | 8 months ago
whazor | 8 months ago
Loic | 8 months ago
But of course, the ones behaving badly tend to not respect the robots.txt, so you end up banning the IP or IP block.
And here, I am a nice guy, the crawler must really be a piece of crap for me to start to block.
ToucanLoucan | 8 months ago
p3rls | 8 months ago
Fokamul | 8 months ago
datatrashfire | 8 months ago
This is a very effective way to make sure you won't get any scraping done!
TheTaytay | 8 months ago
throwup238 | 8 months ago
[1] https://github.com/mishushakov/llm-scraper
TheTaytay | 8 months ago
cdolan | 8 months ago
throwup238 | 8 months ago
I only check most places once a week so I use the LLM to do the scraping but there are a few cases where I have to scrape thousands of pages very frequently so I use the more deterministic script it generates instead.
cdolan | 8 months ago
dddw | 8 months ago
cdolan | 8 months ago
Works ok. Not as automated as I’d like
nicman23 | 8 months ago
tengbretson | 8 months ago
lyjackal | 8 months ago
dewey | 8 months ago
andrethegiant | 8 months ago
matt-p | 8 months ago
fredoliveira | 8 months ago
yoble | 8 months ago
vivzkestrel | 8 months ago
gitroom | 8 months ago
tommica | 8 months ago
jsemrau | 8 months ago
gzkk | 8 months ago
monkeydust | 8 months ago
I am looking for a way to throw an address at a planning authority (UK) and download the associated documents for that property. Could this or another tool help?
e.g.
https://publicaccess.barnet.gov.uk/online-applications/appli...
As pure random example.
A property can have multiple planning applications and under each many documents.
What I have found useful (saved me time and potential lost £££) is to take the documents, combine to single pdf and provide to Gemini 2.5 Pro and then ask it to validate against agent specification for a property.
Over the weekend found a place that was advertising a feature of the house that was explicitly prohibited through planning decision notice.
Called the Agent up on it who claimed no knowledge but said this would have come up through solicitor checks, which it would have done, much later down the process with more or my money spent and considerable time lost.
Of course all this possible without LLMs but just makes it easier/cheaper to check at scale.
cess11 | 8 months ago
I'd keep it simple like that until I need to do periodic comparisons, i.e. actually need scrapers and is prepared to build what's needed to automatically watch and process directories where the scrapers put the files.
mellosouls | 8 months ago
When using Scraperr, please remember to:
Respect robots.txt
Terms of Service
Rate Limiting
Kudos for promoting ethical usage; makes a change from some of the grifters selling borderline ddos-bots as crawlers.