Blockchain and Backend Developer Privacy Advocate Crypto Enthusiast
Spamming and DDoS attacks have increased by a large margin in the past few years. While there are already a lot of rigid mitigation methods for guarding against lower-layer attacks (such as SYN or ICMP flooding, Smurf attack, DNS amplification, and more), implementation on an application layer can prove to be more troubling.
Application layer DDoS mitigation requires the service itself to differentiate between a bot and a human in order to provide services only to legit human users and to curb mass spamming. Attempts at so-called "Turing" tests were implemented to do so, hence the original captchas. However, bot-makers rendered them useless with text recognition powered by machine learning.
Google then led the switch to image-based ReCaptcha, which is seriously a very bad user experience. Because it makes the test harder for bots, the images are barely categorizable in plenty of cases. Personally, I really hate ReCaptchas, especially when the topic is something like “Choose all the Bridges”. Therefore, I decided to provide an easy alternative with a much better UX: “simply wait for your browser to do the rest for you”.
PoW Shield provides DDoS protection on the OSI application layer by authenticating traffic using a simple proof-of-work validation process.
So basically, the PoW Shield works as a proxy in front of the actual web app/service. It conducts verification and only proxies authorized traffic through to the actual server. The proxy is easily installable and is capable of protecting low-security applications.
Here’s what happens behind the scenes when a user browses a PoW Shield-protected web service:
Simply clone the repository to the server you want PoW to run on, install dependencies, edit configurations, and you’re all set.
PoW Shield is currently still a work in progress, feel free to lend me a hand on implementing these features or providing suggestions (features or optimization).
Create your free account to unlock your custom reading experience.