We can use sever logs to weed out bots. They move different than humans through sites and these differences should be easy to spot for a sufficiently trained AI. 

We could then test out responses, such as banning the IP address it came from (but still providing a way with humans to challenge/reverse that, in case our system makes a mistake).