Show HN: Shapow – Nginx module to block bots with PoW (github.com)

2 points by mzajc ↗ HN
Hi HN!

Since my cgit instance has been getting hammered by botnets for a while now, I've decided put a little more effort into my blocking strategy.

In practice this meant putting a JS proof-of-work challenge on the site as these less unobtrusive than traditional CAPTCHAs and seem difficult to solve in bulk. I also wanted

* Support for users who block cookies

* Something I could easily integrate into my existing configuration

* Something simple, I need it to do one thing well

I looked at a few existing solutions but wasn't satisfied (and admittedly I wanted an excuse to make something with Nginx), so I made my own!

Source: https://github.com/markozajc/shapow

Demo: https://zajc.tel/shapow-demo-diff25 (you stay whitelisted for 5s)

Demo with a more reasonable difficulty: https://zajc.tel/shapow-demo

Binaries are only available for Debian stable amd64, and I've also uploaded an AUR package. Build instructions for others are in the README.

1 comment

[ 3.8 ms ] story [ 14.1 ms ] thread
The repo doesn't mention a licence but the actual JS for the proof of work system mentions AGPL3, which is going to make this unsuitable for a lot of people.