this post was submitted on 28 Apr 2025
7 points (88.9% liked)

Lemmy Support

4840 readers
32 users here now

Support / questions about Lemmy.

Matrix Space: #lemmy-space

founded 6 years ago
MODERATORS
[email protected]
7
[QUESTION] Would you consider adding PoW CAPTCHAs? (lemmy.asudox.dev)
submitted 1 day ago* (last edited 1 day ago) by [email protected] to c/[email protected]
10 comments fedilink hide all child comments
 

It seems like some FOSS websites started using a Proof of Work CAPTCHA called Anubis because they've been getting hit by crawlers to gather data for LLMs. It seems like it helps.

It does not stop them, but it does make it more expensive and slower for the attacker. At the moment, I haven't seen any instance having this problem, but it most likely will be a problem someday and being praped for it is definitely not a bad thing.

Lemmy could benefit from this by maybe placing some invisible or auto PoW CAPTCHAs when doing some action like commenting, posting, etc.

you are viewing a single comment's thread
view the rest of the comments
[–] Nothing4You 4 points 22 hours ago (3 children)

slrpnk.net has some first hand experience for this, as @[email protected] already deployed anubis in front of lemmy-ui.

it wouldn't be that complicated to add it to lemmy-ansible if people are interested in having the option.

i don't see the argument for having this before user interaction though; the main goal of this is to fight malicious crawlers. for authenticated users, solutions like this are completely unnecessary as these can simply and much more efficiently be addressed through rate limits without putting users on low end hardware at a disadvantage and contributing to global warming.

[–] [email protected] 3 points 22 hours ago (2 children)

Yes and so far only minor issues that are hard to replicate. Thanks again for helping us to find out the final issue with the setup a few weeks ago.

I agree that it would make more sense to only enable it for unauthenticated visitors, but that seems a bit hard to do with an external software like Anubis.

[–] Nothing4You 1 points 22 hours ago (1 children)

I didn't mean only showing Anubis to unauthenticated users; this was in response to OP mentioning to add this before posting or commenting, which would be the opposite of removing it for authenticated users.

[–] [email protected] 1 points 21 hours ago

Ah, ok. Yes that kinda makes sense if you think of Anubis as a CAPTCHA equivalent, but it really isn't as I tried to explain in my other post.