I've been researching the bot & proxies space for years. I slowly incubated a service to protect public forms, contents and APIs. It recenty reached a few million daily requests and I now dare to bring it to light.
Truesign detects bots, proxies/vpns and fake emails, through a single request from the browser, without challenges or user interaction. It can block the request based on rules you choose, or grant a token with encrypted information about the visitor for you to decide.
I created a few pages to showcase how it works:
- https:/demo.truesign.ai/protected-form : a form you can't post if you're a bot, a human behind a vpn, or input a fake/disposable email
- https:/demo.truesign.ai/protected-content : a page you can't access if you're a bot or a human behind a vpn
- https:/demo.truesign.ai/protected-content-no-js : like above but there's no Javascript analysis of the browser, it only catches trivial bots like a python script or curl. For those that need to serve their content to javascript-less cients.
I'd love if you hackers could attempt to troll the above using bots or VPNs. I'll share the results in 24h.
Some interesting points about Truesign:
- your contents are protected by simple HTTP redirections, no need to place your whole infra behind a MITM (== Cloudflare)
- attack detection: allow bots and anonymizers until their traffic exceeds a suspicious threshold
- granular rules (i.e. block bots, flag fake emails) that can be switched in real time
- admin dashboard to inspect and analyze your traffic
There's a free plan to play around. Also I offer discounts to free/public services.
Super interested in your feedback!
reply