They Have No Idea How Fun The Water Park Is!

I do not, ActivityPub uses HTTP signatures to make sure messages and requests from other servers are legit,

Essentially, it adds a "signature" header which contains a link to a users public key, a list of headers in the message and a signed hash of all the headers and the request.

There's a better explaination here: https://docs.joinmastodon.org/spec/security/

A delicated bot to scrape ActivityPub posts is possible, but generic bots shouldn't work. If a delicated bot is made, people can block its keys or server anyway.

I doubt they're crawling stuff over AP, you usually need a HTTP signature for that, and no bot is going to bother with those.

Most crawling would just be spamming the web interface.

While I'm sure that would let me see the article, mastodon probably wouldn't handle it well.

Also: bunker blocks me 100% of the time on individual articles.

Running curl https://blenderdumbass.org/activitypub/account/blenderdumbass -H "Accept: application/activity+json" twice in a row outputs some bunkerweb anti-spam stuff.

Did something change since this was posted?
I can look it up properly on mastodon.
You have to be signed in to fetch accounts on mastodon, is that the problem?

Are you using any framework to build the site? There's a few libraries for activitypub.
These links could be helpful: https://codeberg.org/fediverse/delightful-activitypub-development/