I seem to crash when I go to a certain website...

zapper · 2025-07-19 22:50:09

git.devuan.org is that website.

If i stay on it for a certain amount of time, because of the anubis bot, my entire web browser closes.

I am using palemoon and have this problem. The weird thing is, I don't have this problem with other anubis protected websites, just this one.

Very strange...

anyone else have this problem?

I have had this happen 3 times. Although oddly it worked on the fourth time without a problem. I was not touching any part of the screen when that worked though.

I wonder why its bugging on me this way.

Last edited by zapper (2025-07-19 22:56:35)

EDX-0 · 2025-07-19 23:41:27

first of all to get this out of the way, anubis is not a bot but an implementation of the hashcash system for websites instead of e-mail https://en.wikipedia.org/wiki/Hashcash

that outta the way, could be that the version of anubis used by git.devuan.org is one of the versions that triggers a bug with the JS engine, similar to what was happening with the anubis author's blog (uses anubis from git main) causing Firefox v115-ESR to freeze some times, palemoon being a hard fork of older firefox is possible that it is hitting a similar if not the same bug on the JS engine that has existed in the codebase of firefox for who knows how long and only got fixed somewhere along firefox v116 to v120

that is if the bug was not something introduced either during the partial redesign of the js engine during palemoon v28.7 OR more recently in the js engine changes during v33.3

but that is just throwing ideas of what could it be out in the air not something really useful, i'd try to get some logs and report the bug upstream as the author does test on both firefox and palemoon, hell palemoon is even featured in a screenshot passing the anubis test

zapper · 2025-07-20 00:02:47

@EDX-0 perhaps I should show Moonchild your post. See if he understands what you mean. He probably will.

Altoid · 2025-07-20 17:05:23

Hello:

zapper wrote:

git.devuan.org is that website.

Was passing by and tried* it out:

Unable to connect
An error occurred during a connection to git.devuan.org.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the web.

* 128.3.1esr (64-bit) without Pihole or uBlock enabled.

Best,

A.

Last edited by Altoid (2025-07-20 17:06:30)

fanderal · 2025-07-20 18:47:13

Calculating...
Difficulty: 5, Speed: 30.324kH/s
Success!
Done! Took 61648ms, 2292655 iterations
I've finished reading, continue

FF 140.0.4, site allowed in NoScript, JShelter
Same results for Librewolf 140.0.4-1

zapper · 2025-07-20 22:43:57

@altoid I will never disable ublock origin. Even on a site I think is safe.

Other people do try to break though security protocols in otherwise safe websites anyhow.

Call it paranoia if you want, but that's how I plan to do this

ralph.ronnquist · 2025-07-20 22:52:57

mmm a bit peculiar how you identify with the browser

Perhaps you have a good alternative of a means to stop the DDoS attacks from spiders and AI? It's a delicate balance to allowing such people that identify with their browsers whilst disallowing bot traffic.

zapper · 2025-07-20 23:10:29

@ralph.ronnquist I don't quite understand what you mean. I don't hate anubis, it is somewhat annoying, but cloudflare takes the cake when it comes to being infuriating.

Anubis and goaway seem to be much less annoying for me then cloudflare and other captcha craps.

ralph.ronnquist · 2025-07-20 23:26:47

Yeah; my reference is to your thread title: "I seem to crash when I go to a certain website..."

EDX-0 · 2025-07-21 03:34:58

he is become browser, the viewer of websites

Xe · 2025-07-23 14:32:31

Hi, main author of Anubis here.

This has been fixed in v1.21.1 (https://anubis.techaro.lol/blog/release … -bug-fixes contains the details as to what went wrong). Please update the version of Anubis to v1.21.1 on devuan.org.

Be well,

Xe

golinux · 2025-07-23 14:39:49

@Xe . . . welcome to Devuan!

steve_v · 2025-07-24 05:33:55

@Xe Fixed my arse. What you mean is "Found a slightly different way to break the web".
Actually "fixed" would be "gone".

I am still not going anywhere near any site that intentionally wastes my CPU cycles, particularly when it does so with a bunch of javascript it would otherwise not need at all.

Further, to exhume a nugget from the '90s I thought we all grasped by now:
"Stop obsessing over user-agents" (because now you've created #269).

To pull some more gems from your own bugtracker:
"Congratulations, you just broke the web"
"this is a problem for this entire class of software"
"we only support IE6" and "we've known that's bad practice for 25+ years"

Your answer to #269:
"Anubis is going to implement TLS fingerprinting support and that discrepancy between a Windows user agent with a Linux TLS fingerprint will be caught as suspect instantly."
Will break sites for anyone running a privacy-centric browser or extension that always supplies a windows UA regardless of platform, something several currently do.

Go away. Stop breaking sites for non-mainstream browsers and people with user-agent switchers or anti-fingerprinting extensions. User-agent is an advisory header only, and the user can set it however they wish. (ab)using it the way you are is broken design.

You've already (disingenuously) removed mention of "proof of work" because you know people hate it, now you're going to draw the ire of anyone who has a problem with browser fingerprinting (ya know, that thing every asshat corporation does to track you) in general.

Uhh, congratulations on all the new enemies I guess?

Last edited by steve_v (2025-07-24 06:06:21)

ralph.ronnquist · 2025-07-24 06:31:31

Perhaps, rather than a string of negativity, you have a good solution for how to avoid the server being DDoSed by all today's crawlers?

EDX-0 · 2025-07-24 12:49:50

the way that things look anubis is the way forward to stop the uncountable number of web scraping bots without having to dump money onto cloudflare and prepend a captcha to every website, well that is unless those who don't like it stops saying "i hate this thing that wastes my cpu cycles and breaks 'The WEB'" and come up with a better solution

steve_v · 2025-07-24 13:01:10

ralph.ronnquist wrote:

a good solution

Not of the top of my head, but this ridiculous arms-race sure isn't it. Not when the "cure" does exactly the same type of damage as the "disease", and certainly not when the open web, legitimate crawlers like the Internet Archive, and any users exhibiting "irregular behavior"[sic] (where the definition of "irregular" is up to Xe) are considered acceptable collateral damage.

To hammer home just how insane blocking based on a TLS fingerprint / UA mismatch is... Unless things have changed very recently, doing that will break sites for the TOR browser, of all things. Shall we just throw privacy in general under this bus as well?

What's next? Unmodified Chrome on a TPM-verified "approved" OS? How far are we going to take this madness? Google far?

Last edited by steve_v (2025-07-24 13:29:44)

ralph.ronnquist · 2025-07-24 13:32:01

DDoS is an abbreviation for "Distributed Denial of Service". It is a label given to what happens when a "rouge actor" sets up a system where a large number of computers "hammers" a service with incessant networking, and the service gets bogged down so that it fails to provide service.

That is what git.devuan.org is suffering of; a constant such hammering is happening that is a magnitude or more larger than how it was just a year ago.

The Anubis front-end feature makes it possible for git.devuan.org to provide service.

Your input is without value unless you can provide an alternative solution.

steve_v · 2025-07-24 13:35:10

Your ~~input~~ website is without ~~value~~ visitors unless you can provide an alternative solution.

FTFY.

greenjeans · 2025-07-24 13:56:21

Plus the little cartoon girl thing is juvenile and a little creepy.

chris2be8 · 2025-07-24 16:20:03

Could you mitigate the scrapers by rate-limiting by IP address? Eg addresses making more that 10 requests per minute get responses delayed so they only get 10 responses per minute. That would not be too bad for a human, but hurt scrapers trying to train an AI system.

Sites that are obviously training an AI system should be fed AI generated drivel so they end up with an AI system that produces rubbish output.

fsmithred · 2025-07-24 17:31:10

Our website was already without visitors before the current solution was put in place. At least now some of us can get there.

FWIW, I see more cpu activity going to other websites than I do with git.devuan.org. I tested cbsnews.com, cnn.com and youtube.com.

rbit · 2025-07-24 18:03:36

Could you mitigate the scrapers by rate-limiting by IP address? Eg addresses making more that 10 requests per minute get responses delayed so they only get 10 responses per minute. That would not be too bad for a human, but hurt scrapers trying to train an AI system.

(from reading back in my irc logs) Something similar was tried for a short time. Unfortunately, the first "D" in DDoS (Distributed) meant that approach was not very effective. After successfully slowing down the bots for a few days via IP-address blocking, they adapted to use a unique IP address for each request. Before anubis was added to the site, the web interface was pretty much unusable most of the time.

"Anubis is going to implement TLS fingerprinting support and that discrepancy between a Windows user agent with a Linux TLS fingerprint will be caught as suspect instantly."
Will break sites for anyone running a privacy-centric browser or extension that always supplies a windows UA regardless of platform, something several currently do.

If that's all that is done, just use a user-agent that displays the actual o/s family (i.e. Linux). There are several "valid" (default for a browser) user-agents that could be rotated through, without needing to report Windows as the o/s. I know it's not a perfect solution for privacy, but the user-agent string matching the operating system probably isn't a huge deal. I wonder what happens if your user-string says "MyBrowser 1.2.3.4" - will anubis block access entirely?

steve_v · 2025-07-24 19:16:23

rbit wrote:

just use a user-agent that displays the actual o/s family (i.e. Linux).

From the torbrowser design docs:

Design Goal: All Tor Browser users MUST provide websites with an identical user agent and HTTP header set for a given request type. We omit the Firefox minor revision, and report a popular Windows platform.

rbit wrote:

I wonder what happens if your user-string says "MyBrowser 1.2.3.4" - will anubis block access entirely?

Likely, if the dev's attitude is anything to go by:

Maybe that one guy that sets his Chrome version to 150 would have issues

Installing a user-agent switcher is highly irregular behavior

It seems that user-agent switchers behave consistently in firefox and safari. You may want to use one of those two options

I would not suggest on relying on a user agent switcher in the future. Anubis is going to implement TLS fingerprinting support and that discrepancy between a Windows user agent with a Linux TLS fingerprint will be caught as suspect instantly.

AKA: "~~We only support ie6~~. Use a conforming browser. Anyone who doesn't conform is a weirdo and anubis will block them."

We rail against gratuitous javascript and browser fingerprinting, and we promote privacy... Except here, where apparently it's just fine.
We rail against forced ~~systemd wayland adoption~~ software-conformity, and advocate for user-choice... Except here, where apparently it's just fine.

This thing is blatantly speech-police for web browsers, and one small step away from a de-anonymisation engine. It uses all the same methods we love to hate when others do it. I'd make a slippery-slope comment, but you've heard them all already.

Last edited by steve_v (2025-07-24 19:44:40)

tux_99 · 2025-07-24 20:14:17

I was about to write that I agree with steve_v that anubis makes git.devuan.org a torture to use as in the past weeks every time I tried to access it I had anubis running literally for 5 minutes or so before it granted me access, but I just tried again and I got past anubis in less than 1 second, not sure if it was just a fluke or if something has changed so that it will always be that quick.

So at the moment I reserve judgment.

That said, with regards to the DDOS by dodgy AI scrapers, I have that problem too on my websites and I solved it with IP address block lists implemented with ipset using the kernel firewall of linux. I don't block single IPs I block whole /24, /16 or even /12 network ranges of many hosting/cloud providers, as I found that these attacks predominantly come from very specific cheap/dodgy hosting/cloud providers, almost never from end customer (DSL/fiber/mobile) IP addresses.

If the admins of git.devuan.org are interested in my blocklist I can provide it, but only privately as sharing it publicly could induce the AI scrapers to adapt their strategies.

Last edited by tux_99 (2025-07-24 20:27:04)

golinux · 2025-07-24 20:29:44

tux_99: See the scrollback @ https://dev1galaxy.org/viewtopic.php?pid=56877#p56877

The officially official Devuan Forum!

#1 2025-07-19 22:50:09

I seem to crash when I go to a certain website...

#2 2025-07-19 23:41:27

Re: I seem to crash when I go to a certain website...

#3 2025-07-20 00:02:47

Re: I seem to crash when I go to a certain website...

#4 2025-07-20 17:05:23

Re: I seem to crash when I go to a certain website...

#5 2025-07-20 18:47:13

Re: I seem to crash when I go to a certain website...

#6 2025-07-20 22:43:57

Re: I seem to crash when I go to a certain website...

#7 2025-07-20 22:52:57

Re: I seem to crash when I go to a certain website...

#8 2025-07-20 23:10:29

Re: I seem to crash when I go to a certain website...

#9 2025-07-20 23:26:47

Re: I seem to crash when I go to a certain website...

#10 2025-07-21 03:34:58

Re: I seem to crash when I go to a certain website...

#11 2025-07-23 14:32:31

Re: I seem to crash when I go to a certain website...

#12 2025-07-23 14:39:49

Re: I seem to crash when I go to a certain website...

#13 2025-07-24 05:33:55

Re: I seem to crash when I go to a certain website...

#14 2025-07-24 06:31:31

Re: I seem to crash when I go to a certain website...

#15 2025-07-24 12:49:50

Re: I seem to crash when I go to a certain website...

#16 2025-07-24 13:01:10

Re: I seem to crash when I go to a certain website...

#17 2025-07-24 13:32:01

Re: I seem to crash when I go to a certain website...

#18 2025-07-24 13:35:10

Re: I seem to crash when I go to a certain website...

#19 2025-07-24 13:56:21

Re: I seem to crash when I go to a certain website...

#20 2025-07-24 16:20:03

Re: I seem to crash when I go to a certain website...

#21 2025-07-24 17:31:10

Re: I seem to crash when I go to a certain website...

#22 2025-07-24 18:03:36

Re: I seem to crash when I go to a certain website...

#23 2025-07-24 19:16:23

Re: I seem to crash when I go to a certain website...

#24 2025-07-24 20:14:17

Re: I seem to crash when I go to a certain website...

#25 2025-07-24 20:29:44

Re: I seem to crash when I go to a certain website...

Board footer