Is there a reason other than avoiding infrastructure centralization not to put a web server behind cloudflare?
Comment on Why are anime catgirls blocking my access to the Linux kernel?
poVoq@slrpnk.net 3 weeks ago
And it was/is for sure the lesser evil compared to what most others did: put the site behind Cloudflare.
I feel people that complain about Anubis have never had their server overheat and shut down on an almost daily basis because of AI scrapers 🤦
mobotsar@sh.itjust.works 2 weeks ago
poVoq@slrpnk.net 2 weeks ago
Yes, because Cloudflare routinely blocks entire IP ranges and puts people into endless captcha loops. And it snoops on all traffic and collects a lot of metadata about all your site visitors. And if you let them terminate TLS they will even analyse the passwords that people use to log into the services you run. It’s basically a huge surveillance dragnet and probably a front for the NSA.
bjoern_tantau@swg-empire.de 2 weeks ago
Cloudflare would need https keys so they could read all the content you worked so hard to encrypt. If I wanted to do bad shit I would apply at Cloudflare.
mobotsar@sh.itjust.works 2 weeks ago
Maybe I’m misunderstanding what “behind cloudflare” means in this context, but I have a couple of my sites proxied through cloudflare to prevent scrapers, and they definitely don’t have my keys.
starkzarn@infosec.pub 2 weeks ago
That’s because they just terminate TLS at their end. Your DNS record is “poisoned” by the orange cloud and their infrastructure answers for you. They happen to have a trusted root CA so they just present one of their own certificates with a SAN that matches your domain and your browser trusts it. Bingo, TLS termination at CF servers. They have it in cleartext then and just re-encrypt it with your origin server if you enforce TLS, but at that point it’s meaningless.
bjoern_tantau@swg-empire.de 2 weeks ago
Hmm, I should look up how that works.
interdimensionalmeme@lemmy.ml 2 weeks ago
Unless you have a dirty heatsink, no amount of hammering would make the server overheat
poVoq@slrpnk.net 2 weeks ago
Are you explaining my own server to me? 🙄
interdimensionalmeme@lemmy.ml 2 weeks ago
What CPU do you have made after 2004 that doesn’t have automatic temperature control?
I don’t think there is any, unless you somehow managed to disable it?
Even a raspberry pi without a heatsink won’t overheat to shutdown
poVoq@slrpnk.net 2 weeks ago
You are right, it is actually worse, it usually just overloads the CPU so badly that it starts to throttle and then I can’t even access the server via SSH anymore. But sometimes it also crashes the server so that it reboots, and yes that can happen on modern CPUs as well.
moseschrute@crust.piefed.social 2 weeks ago
Out of curiosity, what’s the issue with Cloudflare? Aside from the constant worry they may strong arm you into their enterprise pricing if your site is too popular lol. I understand supporting open source, but why not let companies handle the expensive bits as long as they’re willing?
I guess I can answer my own question. If the point of the Fediverse is to remove a single point of failure, then I suppose Cloudflare could become a single point to take down the network. Still, we could always pivot away from those types of services later, right?
Limonene@lemmy.world 2 weeks ago
Cloudflare has IP banned me before for no reason (no proxy, no VPN, residential ISP with no bot traffic). They’ve switched their captcha system a few times, and some years it’s easy, some years it’s impossible.
daniskarma@lemmy.dbzer0.com 2 weeks ago
I still think captchas are a better solution.
In order to surpass them they have to run AI inference which also comes with compute costs. But for legitimate users you don’t run unauthorized intensive tasks on their hardware.
poVoq@slrpnk.net 2 weeks ago
They are much worse for accessibility, and also take longer to solve and are more disruptive for the majority of users.
daniskarma@lemmy.dbzer0.com 2 weeks ago
Anubis is worse for privacy. As you have to have JavaScript enabled. And worse for the environment as the cryptographic challenges with PoW are just a waste.
Also reCaptcha types are not really that disturbing most of the time.
As I said, the polite thing would just be giving users the options. Anubis PoW running directly just for entering a website is one of the rudest pieces of software I’ve seen lately. They should be more polite, and just give an option to the user, maybe the user could choose to solve a captcha or run Anubis PoW, or even just having Anubis but after a button the user could click.
I don’t think it is good practice to run that type of software just for entering a website. If that tendency were to grow browsers would need to adapt and straight up block that behavior.
poVoq@slrpnk.net 2 weeks ago
Are you seriously complaining about an (entirely false) negative privacy aspect of Anubis and then suggest reCaptcha from Google is better? Are you serious?
Look, no one thinks Anubis is great, but often it is that or the website becoming entirely inaccessible because it is DDOSed to death by the AI scrapers.
tofu@lemmy.nocturnal.garden 3 weeks ago
Yeah, I’m just wondering what’s going to follow.
rtxn@lemmy.world 3 weeks ago
The developer is working on upgrades and better tools. xeiaso.net/…/avoiding-becoming-peg-dependency/
grysbok@lemmy.sdf.org 2 weeks ago
I’ll say the developer is also very responsive. They’re (ambiguous ‘they’, not sure of pronouns) active in a libraries-fighting-bots slack channel I’m on. Libraries have been hit hard by the bots: we have hoards of tasty archives and we don’t have money to throw resources at the problem.
lilith267@lemmy.blahaj.zone 2 weeks ago
The Anubis repo has an enbyware emblem fun fact :D
tofu@lemmy.nocturnal.garden 2 weeks ago
Cool, thanks for posting! Also the reasoning for the image is cool.