A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Context:
https://en.wikipedia.org/wiki/Anubis_(software)
Anubis is an open source software program that adds a proof of work challenge to websites before users can access them in order to deter web scraping. It has been adopted mainly by Git forges and free and open-source software projects.[4][5]
Iocaine is a defense mechanism against unwanted scrapers, sitting between upstream resources and the fronting reverse proxy.
Iocaine expects you know how to detect it the bots, if they can get past anubis do you have another detection process?
I'm very late to the party, but: no, iocaine does not expect you to detect the bots. It used to, but it does its own detection for quite a while now (you can replace the detection mechanism, though).
What do you mean? Where does it do it's own detection?
Around here. In the default configuration, it is using the built-in handler. The script can be replaced with something like Nam-Shub of Enki (used by pretty much everything I host, and by Codeberg too, for example).
Ah that wasn't there when I deployed it.
Scriptability has been a thing since 2.2.0, released on 2025-06-16, but the built-in script appeared in 3.0 (2025-11-14).
This may sound like a weird thing to do, but I realised that many crawlers and golems are somehow still able to get past my Anubis. I presume they have gotten smarter and are capable of using Runes.
To counter this, I want to ethereally link my Anubis to an locane setup such that:
Ether > mage tower > Anubis >Iocane > my orb
My hope is that two different filtering mechanisms one of which will actively poison and waste the golem’s energy) will protect my realm better.
I thought I'd ask before actually trying out something like this.
Have you tried fucking with the status codes?
There is a great defcon talk about that:
So you could e.g. return a 401 and still show the page. Most automated systems will probably ignore the response of an 'unauthorized' message.
Idk why you'd keep Anubis, just give the bots unrestricted access to the poison.
Does anubis actually catch anything?
Yes, bots are starting to get around it so you need to keep it up to date but it turned two of my services from inaccessible to users to usable (not just for a few hours, been running it for months)