It seems like some FOSS websites started using a Proof of Work CAPTCHA called Anubis because they’ve been getting hit by crawlers to gather data for LLMs. It seems like it helps.
It does not stop them, but it does make it more expensive and slower for the attacker. At the moment, I haven’t seen any instance having this problem, but it most likely will be a problem someday and being praped for it is definitely not a bad thing.
Lemmy could benefit from this by maybe placing some invisible or auto PoW CAPTCHAs when doing some action like commenting, posting, etc.
slrpnk.net has some first hand experience for this, as @[email protected] already deployed anubis in front of lemmy-ui.
it wouldn’t be that complicated to add it to lemmy-ansible if people are interested in having the option.
i don’t see the argument for having this before user interaction though; the main goal of this is to fight malicious crawlers. for authenticated users, solutions like this are completely unnecessary as these can simply and much more efficiently be addressed through rate limits without putting users on low end hardware at a disadvantage and contributing to global warming.
Yes and so far only minor issues that are hard to replicate. Thanks again for helping us to find out the final issue with the setup a few weeks ago.
I agree that it would make more sense to only enable it for unauthenticated visitors, but that seems a bit hard to do with an external software like Anubis.
I didn’t mean only showing Anubis to unauthenticated users; this was in response to OP mentioning to add this before posting or commenting, which would be the opposite of removing it for authenticated users.
Ah, ok. Yes that kinda makes sense if you think of Anubis as a CAPTCHA equivalent, but it really isn’t as I tried to explain in my other post.