Anubis, The Opensource Defender Against AI Bots: I fight bots in my free time

⁨358⁩ ⁨likes⁩

Submitted ⁨⁨5⁩ ⁨days⁩ ago⁩ by ⁨Pro@programming.dev⁩ to ⁨technology@lemmy.world⁩

https://xeiaso.net/talks/2025/bsdcan-anubis/

Project.

source

Comments

Sort:hotnew top

karpintero@lemmy.world ⁨5⁩ ⁨days⁩ ago
Cool project. The closing slide was pretty funny

If you are working at an AI company, here’s how you can sabotage Anubis development as easily and quickly as possible. So first is quit your job, second is work for Square Enix, and third is make absolute banger stuff for Final Fantasy XIV. That’s how you can sabotage this the best.

source
Allero@lemmy.today ⁨4⁩ ⁨days⁩ ago
Why does default config check Mozilla specifically?

{ "name": "generic-browser", "user_agent_regex": "Mozilla", "action": "CHALLENGE" }

Guess that’s why I’ve seen Anubis check screen quite a few times.
source
- morbidcactus@lemmy.ca ⁨4⁩ ⁨days⁩ ago
  Afaik, almost every browser uses “Mozilla/5.0” as part of the user agent, Mozilla mentions it as well in developer docs about User agents, it’s a historical compatibility thing apparently.
  
  source
  - Allero@lemmy.today ⁨4⁩ ⁨days⁩ ago
    Interesting, thanks!
    
    Guess it’s the same kinda thing as amd64 on Intel lol
    
    source
    -> View More Comments
- EncryptKeeper@lemmy.world ⁨4⁩ ⁨days⁩ ago
  The creator of Anubis did an interview on the Selfhosted Show podcast a little while back and explains this is detail, and it’s worth a listen.
  
  The episode
  
  The interview begins at 6:30
  
  source
  - LovableSidekick@lemmy.world ⁨4⁩ ⁨days⁩ ago
    Great interview! The whole proof-of-work approach is fascinating, and reminds me of a very old email concept he mentions in passing, where an email server would only accept a msg if the sender agreed to pay like a dollar. Then the user would accept the msg, which would refund the dollar. This would require spammers to front way too much money to make email span affordable. In his version the sender must do a processor-intensive computation, which is fine at the volume legitimate senders use but prohibitive for spammers.
    
    source
  - Allero@lemmy.today ⁨4⁩ ⁨days⁩ ago
    Thanks!
    
    source
PushButton@lemmy.world ⁨4⁩ ⁨days⁩ ago
I use the lynx browser sometimes, for hacker news, some blogs that I follow, or just for a quick browse to find an answer.

The fact that more and more websites need to use this kind of protection is saddening me, since lynx doesn’t support JavaScript.

That’s just another reason why I fucking hate AI.

I don’t hate it, I /fucking/ hate AI.

source
- Flipper@feddit.org ⁨4⁩ ⁨days⁩ ago
  You can bypass it by changing the user agent to not include Mozilla in the beginning.
  
  source
Tracaine@lemmy.world ⁨5⁩ ⁨days⁩ ago
Is this the first seed of the Blackwall?

source
Shanmugha@lemmy.world ⁨4⁩ ⁨days⁩ ago
My hero in shining armour (not a sarcasm, just a form of appreciation someone who did what I would never have done)

source
LovableSidekick@lemmy.world ⁨4⁩ ⁨days⁩ ago
It’s screens out bots, regardless of whether they use AI or are just traditional asshole-created bots.

source
- lagoon8622@sh.itjust.works ⁨4⁩ ⁨days⁩ ago
  It does, yes. This will prevent your content from being indexed, in most cases. The benefit is that your servers will be up. If your servers are down, they can’t be indexed either
  
  source
rhythmisaprancer@piefed.social ⁨5⁩ ⁨days⁩ ago
Interesting. I clicked on a link here a couple weeks ago and was presented with this and wasn't really sure what it was. Thanks for sharing this! It seems like a good alternative.

source