How OpenAI’s Bot Crushed a Seven-Person Company’s Website ‘Like a DDoS Attack’

On Saturday, January 6, 2025, Triplegangers, a small seven-person company, faced an unexpected crisis. Their e-commerce website went down, and it looked like a DDoS attack. But the real culprit wasn’t a hacker — it was a bot from OpenAI.

How OpenAI’s Bot Disrupted Triplegangers’ Website

Triplegangers, which specializes in selling 3D human digital doubles for industries like video game development and 3D artistry, saw its website flooded with tens of thousands of requests from OpenAI’s bot. The bot tried to scrape the entire site, including over 65,000 product pages and hundreds of thousands of images. It used 600 IP addresses to overload the system, effectively causing the website to crash.

“We’re a small business, and this is our entire operation,” says CEO Oleksandr Tomchuk. The site, which took years to build, was under siege from a bot that seemed to treat the intellectual property on the site as fair game.

The Problem with Robots.txt

Triplegangers had a robots.txt file in place, a standard tool to tell bots what content to avoid scraping. However, OpenAI’s bot ignored these instructions and continued its aggressive scraping, consuming server resources and increasing cloud computing costs.

Even though OpenAI claims that its bots will respect robots.txt files, Triplegangers’ experience reveals a critical flaw: bots are not required to ask for permission to scrape. Businesses must explicitly block bots by updating their robots.txt files with specific tags. And even when updates are made, bots can take up to 24 hours to honor them.

The Financial and Legal Impact

The incident had serious consequences for Triplegangers. In addition to the website crash, the AWS bill skyrocketed due to the high demand placed on servers by the bot. But the financial strain was only part of the issue. For a business dealing with sensitive 3D human scans, the scraping raised legal concerns, especially with laws like GDPR in Europe.

A Wake-Up Call for Small Businesses

By January 10, Triplegangers had successfully blocked the bot using Cloudflare and an updated robots.txt file. However, Tomchuk still doesn’t know exactly what data was taken, and there’s no easy way to get it removed. Unfortunately, OpenAI has not responded to his requests for help.

This case highlights a growing issue: AI bots are becoming more aggressive, and small businesses are often unprepared. Many are unaware that their data is being scraped until it’s too late.

The Need for Ethical Scraping

As AI crawlers continue to increase in number and sophistication, it’s crucial for companies to consider ethical data usage. AI models should ask for permission before scraping websites, not rely on business owners to block them.

Take Action: Protect Your Site from Scraping

If you’re a website owner, it’s essential to regularly monitor your logs and update your robots.txt file. While bots like OpenAI’s may be legal, the impact they have on small businesses is undeniable. Take action now to protect your intellectual property and keep your site running smoothly.

For more information, check out these helpful resources: