Thanks to a particularly annoying botnet, everyone’s favorite anime cat girl firewall is now helping protect piefed.ca & lemmy.ca from bots and scrapers.
This is requests per second and these are all thousands of scrapers on residential IPs hammering us:
They’d increase their usage until the site started struggling, then move on. I banned their user agents, but have no interest in a cat & mouse game. Anubis should hopefully keep things running much smoother for everyone.
Let me know if you have any trouble!
You must log in or # to comment.
I’ll be curious to know if y’all experience any federation issues. If not, I may introduce this on the mastodon instances I administrate!
Nothing so far. Anubis has a built in rule set for activity pub.
- red = obvious bots
- blue = bots and users hitting the first anubis page (ie, it’s 99.9% bots)
- green = users.
I don’t go to this school, but I’m gonna check whether I’m caught in your new net!
Edit: wew, I’m not a bot!
I like your nickname vs username.
Thank you! It felt like just the right amount of chicanery
It’ll be nice to compare the next week’s network traffic to the last one’s and (presumably) see the spikes disappear.
There’s definitely a noticeable drop.
I’m surprised our backend traffic so flat, but I’m assuming it’s mostly federation
Contrary to what my teachers tried to teach me, I am a user, mean, and req’d.
Take that, Mister Ecker!
Yay!!
F the bots. Would like to be able to have nice things. Happy that at least this is the 🇨🇦-made solution (at least the primary dev, anyways).
Does Fedecan have the budget to throw a couple of bucks a month to Xe? Completely understand if not, I’ve done not-for-profit corps before and I know what it’s like. But if the budget is there, spending it on a Canadian dev would be a nice choice, IMO.
Oh I didn’t realize they were Canadian, we’ll discuss!
Name and shame. What are the useragent strings? Can the companies be identified?
It won’t affect me personally, because I already hate all AI companies. But maybe I could convince some people if I tell them what a specific company is doing.
OP says residential IPs :/
https://stormproxies.com/ et al are the kinds of site that offer this. Backend accessible rotating residential IP addresses, makes finding the source of the scourge almost impossible
If you really want to get the info, bludgeoning them legally and cheaply with repeated small claims court processes seems asymmetrical enough to become a slightly cash positive hobby
that make sense, since bots both propaganda ones and the “normal ones” use residential ip on reddit for the same evasion method
They’re all generic user agents that just look like a browser. Nothing fingerprintable
Meh, useragents are easily spoofed and something tells me that most (all) AI companies don’t really care about behing honest there
It definitely did help for lemmy.cafe!
Bots can get rekt. I am afraid it’s still gonna be cat & mouse game, let’s see how long anubis works for us (I also use it for my services).
will I get anime cat girl challenges!?
Not unless you move over to our servers.
awww. I was hoping for something better than cars or busses.
Hell yeah! You guys are amazing!
Again. Not a cat.
Not a space snake either. Very disappointed.
She could be, we haven’t seen her back yet.
Chibi jackal girl. Still feels slightly blasphemous.
On feddit.org it was also implemented to get rid of bots and reduce load on the infrastructure. There had been some complaints because of the anubis landing page initially, however I think the general acceptance of this measure after explaining is rather high.
are there any alternatives to anubis?
How come you’re looking for an alternative? Does it not do the job for you or something?
tbh i would prefer something silent instead of a full screen block page while it figures out whether I’m a bot or not
I don’t even like cloudflare click to confirm you’re not a bot pages which auto confirm
To my knowledge, which is often wrong, that’s necessary.
It’s a proof of work system, so your browser has to receive the challenge work, create background workers to do it, then submit the results and get authenticated.
If the work wasn’t challenging (slow), then it wouldn’t be any impediment to scrapers and bots.
Whether there are alternatives to proof of work that work well, I do not know. But fingerprinting alone is actually very difficult.
FWIW I think cloudflare and similar do the full screen thing too, they just render a blank page though so it just feels like more load time.
I don’t run Anubis on my stuff currently, but I’d be surprised if it doesn’t have a similar feature
Thunderbird fails the check. I can’t access communities through my RSS reader.
Look into Iocaine and other similar “ai tarpits.”
Thank you!
Is this why Thunderbird is suddenly spouting errors whenever it checks a lemmy.ca feed? I’m not a bot.
EDIT: fixed
Try now?
It looks like its working now. Thanks for for your help!
I didn’t realize thunderbird could access lemmy. Will look later today.
Wait, Thunderbird queue with Activity Pub or Lemmy?
Yep. The community pages all provide RSS feeds and Mastodon has them as well.
It’s so nice using it as an all-in-one newsfeed aggregated with everything else.
Now that you say that, I did set up another RSS reader to display a Lemmy RSS. Thunderbird sports RSS, therefore…
