Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I agree with you that it is infact a DDOS protection but still, the fact that it is open source and created by a really cool dev (she is awesome), I think I don't really mind it gaining popularity. And also they had created it out of their own necessity which is also really nice.

Anubis is getting real love out there and I think I am all for it. I personally host a lot of my stuff on cloudflare due to it being free with cloudflare workers but if I ever have a vps, I am probably going to use anubis as well



I'm not sure why there's so many negative comments here. This looks nice, appears to work, is open source and MIT licensed. Why _wouldn't_ I use this?


It also doesn’t cede more market power to CloudFlare, which tends to block non-mainstream browsers, users with adblockers, Tor, or cookies and JavaScript disabled.


I don't know what have I done but I'd say I get blocked by cloudflare a few visits per week. It's not a huge deal but it's very annoying


It's usually explained as site owner sets stringent security settings.


This tool does block JavaScript-disabled browsers though. There's a comment here that complained about the pain Anubis causes with cookie-less browsers, but they got downvoted.


There's also "checkpoint" [1] which works without Javascript. As far as I can tell they cover the same use case with a very similar user experience.

[1]: https://github.com/vaxerski/checkpoint


That's great, but noscript tag is used for a long time to abuse noscript users in various ways, so it makes sense to hide it.


how can it work without javascript. I have skimmed through the readme and it says cryptographic challenge.

How can anyone provide a cryptographic challenge without javascript feels like black magic.

Can you please explain to me how it works without javascript?


It just gives a perl script to run HashCash. https://github.com/vaxerski/checkpoint/blob/main/html/explai...

Javascript might be better to run in scratchpad.


I have plans involving IP reputation and a few other behaviors I've noticed. The main problem is that all my ideas involve cookies.


IP reputation will be subject to very high false negative rates because some unscrupulous bots have taken to laundering their traffic through residential proxy companies. There are alternatives to cookies like Etags, but they have their own issues.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: