Unfortunately Anubis wouldn’t stop the bots, it would just slow them down.
Anubis just adds proof of work, AKA computation, to your requests. It’s why your browser takes a second before it can access the site. It’s nothing for things on your scale, but it’s a fuck ton of time and money for large scraping operations accessing millions of links every day.
For a bot submitting PRs though, it’s not gonna be a meaningful hindrance unless the person is specifically running a bot designed to make thousands of PRs every day, which a lot of these aren’t.
I was thinking that using selenium or similar would allow the bot to circumvent any block that works in a browser. Since it’s probably not doing a million PRs at once, doing that would be viable. It could even use the cookie from the selenium session to then use the api directly.
Kinda like flaresolver does for prowlarr/jackett.
In which case Anubis is only a temporary measure until the vibe coders wise up.
Defense systems also improve. Anubis can make the Proof-of-Work (PoW) more difficult or add new checks. This competition is won by whoever can keep their costs lower. When spammers have to use more resources for each pull request while normal users do not pay an extra cost, the defenders win.
Codeberg Anubis when?
Unfortunately Anubis wouldn’t stop the bots, it would just slow them down.
Anubis just adds proof of work, AKA computation, to your requests. It’s why your browser takes a second before it can access the site. It’s nothing for things on your scale, but it’s a fuck ton of time and money for large scraping operations accessing millions of links every day.
For a bot submitting PRs though, it’s not gonna be a meaningful hindrance unless the person is specifically running a bot designed to make thousands of PRs every day, which a lot of these aren’t.
Really unfortunate.
there is?
I’m ignorant 😅 I don’t use either. I guess it doesn’t really defend against browser-remote-controlling bot agents.
if you mean some users giving control of their browser to an bot no it don’t because it’s still a legit user browser window
but most of bots don’t use a legit browser window (because it would be impossible to scale)
I was thinking that using selenium or similar would allow the bot to circumvent any block that works in a browser. Since it’s probably not doing a million PRs at once, doing that would be viable. It could even use the cookie from the selenium session to then use the api directly.
Kinda like flaresolver does for prowlarr/jackett.
In which case Anubis is only a temporary measure until the vibe coders wise up.
Defense systems also improve. Anubis can make the Proof-of-Work (PoW) more difficult or add new checks. This competition is won by whoever can keep their costs lower. When spammers have to use more resources for each pull request while normal users do not pay an extra cost, the defenders win.