(no title)
fatchan | 10 months ago
Some differences:
- Uses HAProxy (duh)
- Proof of work can be either sha256 or argon2
- Optional recaptcha/hcaptcha in addition to the proof of work
- Includes a script for your page that will re-solve the challenge in the background before the cookie expires
There's also a control panel, dns server, etc. I kinda built my own everything because I refused to use bunny/cloudflare/whatever.
One thing I will say though, is that proof-of-work alone isn't a solution for ddos mitigation and bot protection! I've seen attackers using a mass of proxies and headless browsers to solve the challenge, or even writing code to extract and solve the challenge directly (https://github.com/lizthegrey/tor-fetcher). To adequately protect against more targeted attacks, you need additional acl and heuristics, browser fingerprinting, tls fingerprinting, ip reputation, etc. I do offer the whole thing setup as a commercial service, but will refrain from too much shilling.
It's fun, and I love seeing similar softwares help fight the horde of AI scrapers :^)
anonfordays|9 months ago
If you make the challenge sufficiently difficult enough, it should mitigate this no?
>or even writing code to extract and solve the challenge directly (https://github.com/lizthegrey/tor-fetcher).
Similarly if the challenge is difficult, wouldn't matter where it's solved.
I'm not sure why one would use Anubis over haproxy-protection.