Назад в Learn
Москва
Инструкции

How to Detect AI Bot Crawlers in Your Server Logs

AI crawlers from OpenAI, Anthropic, and others visit your site constantly. This guide shows you exactly how to find them in raw server logs and what to do with that data.

Автор: Daniel Mercer6 мин чтения
How to Detect AI Bot Crawlers in Your Server Logs

AI crawlers from OpenAI, Anthropic, Google, and others are indexing your content right now — whether you know it or not. Detecting them starts with your server logs, which record every HTTP request including the user-agent string that identifies each bot.

Why Should You Detect AI Bot Crawlers?#

Knowing which AI crawlers visit your site gives you control. You can measure how often your content is being scraped for training data, identify crawl budget drain, enforce your robots.txt directives, and make informed decisions about whether to allow or block specific bots.

AI crawlers do not always respect robots.txt. Detecting them in logs is your ground-truth audit — independent of any bot's self-reported behavior.

What Are the Most Common AI Bot User-Agent Strings?#

Each major AI platform sends a distinct user-agent string with every request. These are the primary ones to watch for:

  • GPTBot — OpenAI's crawler: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.2; +https://openai.com/gptbot)
  • ChatGPT-User — OpenAI's browsing plugin agent
  • ClaudeBot — Anthropic's crawler: ClaudeBot/1.0; +https://anthropic.com/claude
  • anthropic-ai — Older Anthropic identifier
  • Google-Extended — Google's opt-out target for Gemini/Bard training
  • CCBot — Common Crawl, the dataset used by many open-source LLMs
  • FacebookBot — Meta's content crawler (feeds AI systems)
  • Bytespider — ByteDance/TikTok crawler
  • PerplexityBot — Perplexity AI's index crawler
  • Applebot-Extended — Apple's AI training crawler

Keep this list updated. New AI bots appear regularly, and established ones update their user-agent tokens.

How Do You Read Raw Server Logs to Find AI Bots?#

Server logs store one request per line in Combined Log Format by default. A typical Apache or Nginx entry looks like this:

203.0.113.42 - - [12/Jun/2025:09:14:33 +0000] "GET /blog/seo-guide HTTP/1.1" 200 4821 "-" "GPTBot/1.2"

The fields are: IP address, timestamp, HTTP method + path, status code, bytes transferred, referrer, and user-agent. The user-agent is always the last quoted string.

Step 1: Access Your Raw Log Files

Log locations differ by server and hosting environment:

  • Apache (Linux): /var/log/apache2/access.log or /var/log/httpd/access_log
  • Nginx: /var/log/nginx/access.log
  • cPanel shared hosting: File Manager → logs/ directory in your home folder
  • Cloudflare: Workers Logs or Logpush (requires paid plan)
  • AWS CloudFront: Enable access logging to an S3 bucket
  • Vercel / Netlify: Log drains forward to third-party services

If you use a managed host, you may need to enable access logging explicitly in your control panel before any data appears.

Step 2: Filter for Known AI Bot User-Agents with grep

The fastest way to isolate AI crawler requests on Linux/macOS is grep:

bash
# Single bot
grep -i "GPTBot" /var/log/nginx/access.log

# Multiple bots in one pass
grep -iE "GPTBot|ClaudeBot|Google-Extended|PerplexityBot|Bytespider|CCBot|anthropic-ai" /var/log/nginx/access.log

# Count hits per bot type
grep -iEo "GPTBot|ClaudeBot|Google-Extended|PerplexityBot|Bytespider" /var/log/nginx/access.log | sort | uniq -c | sort -rn

The -i flag makes matching case-insensitive. The -E flag enables extended regex for alternation (|).

Step 3: Extract Crawl Volume and Frequency

Raw hit counts matter less than crawl rate over time. Use awk to break down requests by date:

bash
grep -i "GPTBot" /var/log/nginx/access.log | awk '{print $4}' | cut -d: -f1 | tr -d '[' | sort | uniq -c

This prints a per-day hit count for GPTBot. Spikes on specific dates may indicate a new content publication triggered a re-crawl, or a training data collection event.

Step 4: Identify Which URLs AI Bots Are Crawling

Knowing which pages a bot requests is as important as knowing it visited. Extract URLs from filtered log lines:

bash
grep -i "GPTBot" /var/log/nginx/access.log | awk '{print $7}' | sort | uniq -c | sort -rn | head -20

This gives you the 20 most-requested URLs by GPTBot. If the bot hammers your /wp-json/ API endpoint rather than editorial content, that signals a different concern than content scraping.

Step 5: Cross-Reference IP Addresses Against Published Ranges

Some bots mask or rotate user-agents. Verify suspicious IPs against published ASN and IP ranges:

  • OpenAI GPTBot: Published at https://openai.com/gptbot-ranges.txt
  • Anthropic ClaudeBot: Published in their documentation
  • Google: Use the dig or host command to reverse-DNS check IPs against googlebot.com
bash
# Reverse DNS lookup
host 66.249.66.1
# Expected output includes: crawl-66-249-66-1.googlebot.com

If a user-agent claims to be GPTBot but the IP does not resolve to OpenAI's ASN, treat it as a spoofed bot.

How Do You Analyze Logs at Scale?#

For high-traffic sites, grepping raw text files is too slow. Use these approaches:

  • GoAccess — real-time log analyzer, runs in terminal or generates HTML reports. Filter by user-agent pattern.
  • AWStats / Webalizer — older but widely available on shared hosts; identify bot sections in generated reports.
  • Elastic Stack (ELK) — ingest logs into Elasticsearch, query bot traffic with Kibana dashboards.
  • Splunk — enterprise-grade; create saved searches for AI bot user-agent patterns.
  • Cloudflare Analytics — if proxied, bot categories are labeled automatically in the dashboard.

For most sites, GoAccess with a custom filter covers 90% of needs without infrastructure overhead.

What Should You Do After Detecting AI Bot Traffic?#

Detection is step one. Your response depends on your goals:

  1. Allow and monitor — Do nothing. Understand which bots visit and which pages they prefer.
  2. Block selectively via robots.txt — Add User-agent: GPTBot + Disallow: / to exclude OpenAI's crawler from training data collection.
  3. Rate-limit via server config — Use Nginx limit_req_zone or Apache mod_ratelimit to cap requests per second from bot IP ranges.
  4. Return 429 or 403 — For bots that ignore robots.txt, serve a 429 Too Many Requests or 403 Forbidden at the server level.
  5. Log and alert — Set up log monitoring alerts (e.g., via Datadog, Grafana, or a cron job emailing daily counts) when any new unknown user-agent appears in volume.

Never block bots indiscriminately. Googlebot and Bingbot crawl for search indexing — blocking them harms your organic visibility.

How Do You Detect Bots That Disguise Their User-Agents?#

Some scrapers impersonate real browsers. Behavioral signals in logs can expose them:

  • Inhuman request rate — Legitimate users don't request 500 pages in 60 seconds.
  • No referrer + consistent path patterns — Bots often crawl sitemaps sequentially with zero referrer.
  • Identical session behavior — Same IP hitting the same depth of pages without variation.
  • Non-browser Accept headers — Check if the Accept: header matches what a real browser sends.

For advanced detection, combine log analysis with a JavaScript challenge (via Cloudflare Turnstile or similar) — bots that don't execute JavaScript will never trigger client-side events.

Setting Up Automated AI Bot Log Monitoring#

Manual log checks don't scale. Automate with a simple cron script:

bash
#!/bin/bash
# ai_bot_report.sh — runs daily via cron
LOG="/var/log/nginx/access.log"
DATE=$(date +%Y-%m-%d)
OUTPUT="/tmp/ai_bot_report_${DATE}.txt"

echo "AI Bot Crawl Report: $DATE" > "$OUTPUT"
grep -iE "GPTBot|ClaudeBot|Google-Extended|PerplexityBot|Bytespider|CCBot" "$LOG" \
  | awk '{print $7}' | sort | uniq -c | sort -rn >> "$OUTPUT"

mail -s "AI Bot Report $DATE" [email protected] < "$OUTPUT"

Add to crontab: 0 6 * * * /usr/local/bin/ai_bot_report.sh

This runs at 6 AM daily and emails a URL frequency report sorted by most-crawled pages.

Key Takeaways#

  • Your server access logs are the most reliable source of AI bot crawl data — no third-party tool needed.
  • Filter by user-agent string first, then validate against published IP ranges.
  • Measure crawl volume over time, not just total hits.
  • Match your response (allow, block, rate-limit) to your content strategy.
  • Automate monitoring so anomalies surface without manual checks.
How to Detect AI Bot Crawlers in Your Server Logs — illustration 1
Поделиться статьёйXLinkedIn

Часто задаваемые вопросы

How do I find GPTBot in my server logs?
Search your access log for the string 'GPTBot' using grep: `grep -i "GPTBot" /var/log/nginx/access.log`. Each matching line represents one request from OpenAI's crawler. Cross-reference the source IP against OpenAI's published IP range list at openai.com/gptbot-ranges.txt to confirm authenticity.
What user-agent strings do AI crawlers use?
The most common AI crawler user-agents are GPTBot (OpenAI), ClaudeBot and anthropic-ai (Anthropic), Google-Extended (Google AI training), PerplexityBot, Bytespider (ByteDance), CCBot (Common Crawl), and Applebot-Extended. Each is embedded in the user-agent field of every HTTP request the bot makes.
Can AI bots fake their user-agent strings?
Yes. Any crawler can set an arbitrary user-agent. Always validate suspected AI bot traffic by reverse-DNS checking the source IP and comparing it against the bot operator's published IP ranges. A request claiming to be GPTBot from an unrelated IP should be treated as a spoofed or unknown bot.
How do I block AI crawlers from scraping my site?
Add a disallow rule to your robots.txt for specific bots, for example: `User-agent: GPTBot` followed by `Disallow: /`. For bots that ignore robots.txt, block their IP ranges at the server or firewall level and return a 403 or 429 HTTP status code.
What log analysis tool is best for detecting AI bots?
GoAccess is the most practical option for most sites — it runs in a terminal, generates HTML reports, and supports custom user-agent filters with no infrastructure setup. For enterprise scale, Elastic Stack or Splunk provide dashboards and alerting. Cloudflare Analytics automatically categorizes known bots if your site is proxied through Cloudflare.
How often do AI crawlers visit a typical website?
Crawl frequency varies by site size, content freshness, and how prominently the site appears in training datasets. Some sites see AI crawler requests multiple times per day; others are visited weekly. Checking your logs over a rolling 30-day window gives a more representative picture than a single day snapshot.
Do AI crawlers affect my site's crawl budget or server performance?
Yes. Aggressive AI crawlers can consume significant crawl budget and add server load, especially on smaller hosting plans. Monitoring request rates in your logs helps identify bots making hundreds of requests per hour, which you can then rate-limit or block to protect server resources and preserve crawl budget for legitimate search engines.