|
|
|
|
|
|
by fatchan
412 days ago
|
|
|
Hey, funny to see my project mentioned here also. Yes, similar in concept. Some differences: - Uses HAProxy (duh) - Proof of work can be either sha256 or argon2 - Optional recaptcha/hcaptcha in addition to the proof of work - Includes a script for your page that will re-solve the challenge in the background before the cookie expires There's also a control panel, dns server, etc. I kinda built my own everything because I refused to use bunny/cloudflare/whatever. One thing I will say though, is that proof-of-work alone isn't a solution for ddos mitigation and bot protection! I've seen attackers using a mass of proxies and headless browsers to solve the challenge, or even writing code to extract and solve the challenge directly (https://github.com/lizthegrey/tor-fetcher). To adequately protect against more targeted attacks, you need additional acl and heuristics, browser fingerprinting, tls fingerprinting, ip reputation, etc. I do offer the whole thing setup as a commercial service, but will refrain from too much shilling. It's fun, and I love seeing similar softwares help fight the horde of AI scrapers :^) |
|
|
If you make the challenge sufficiently difficult enough, it should mitigate this no?
>or even writing code to extract and solve the challenge directly (https://github.com/lizthegrey/tor-fetcher).
Similarly if the challenge is difficult, wouldn't matter where it's solved.
I'm not sure why one would use Anubis over haproxy-protection.