×
AI guardian Anubis thwarts massive DDoS attack on websites
Written by
Published on
Join our daily newsletter for breaking news, product launches and deals, research breakdowns, and other industry-leading AI coverage
Join Now

A DDoS attack targeting the ScummVM project demonstrated how specialized tools like Anubis can effectively protect web applications from distributed threats without resorting to IP blocking or geo-restrictions. This case study highlights the evolving sophistication of modern web security approaches that can intelligently filter malicious traffic while maintaining accessibility for legitimate users—a critical capability as bot attacks become increasingly difficult to distinguish from human visitors.

The attack pattern: A monitoring system first detected unusual server behavior that gradually escalated into a complete website outage.

  • Initial warnings showed increased load on the MariaDB server, which appeared temporarily but didn’t immediately impact site performance beyond slight slowdowns.
  • After several days of intermittent alerts, the attack intensified, completely saturating Apache2, PHP-FPM pools, and MariaDB connections.
  • Server logs revealed approximately 35,000 unique IPs involved in the attack, primarily from residential networks worldwide, making traditional IP blocking impractical.

The solution: Anubis, a specialized filtering program, was deployed to intercept connections before they reached the web application.

  • The tool sits between the HTTP/HTTPS server and the application server, analyzing incoming traffic and only forwarding “good” connections.
  • Originally designed to protect against AI scraper bots, Anubis examines parameters like user agent information to identify suspicious connection patterns.
  • The system presents a proof-of-work challenge that legitimate browsers can solve but automated scrapers typically cannot, effectively distinguishing between human and bot traffic.

The results: Implementing Anubis immediately resolved the server issues despite the ongoing attack.

  • Server load dropped significantly after deployment, with no further monitoring alerts.
  • The solution maintained site accessibility for legitimate users without requiring IP blocking or geo-restrictions, preserving the open nature of the project.
  • At the time of writing, the attack was still ongoing but no longer impacting server performance.

Why this matters: This case demonstrates the effectiveness of intelligent traffic filtering as an alternative to broad blocking techniques, particularly for open-source projects that cannot implement geographic restrictions.

The Day Anubis Saved Our Websites From a DDoS Attack

Recent News

Gemini AI powers smarter automation and camera features in Google Home

Gemini AI now enables natural language creation of smart home routines and enhances camera functionality with searchable video content and automated monitoring.

Somerset Council trials AI to speed up special educational needs reports

AI automation allows Somerset caseworkers to reduce paperwork and spend more time directly helping children with special needs while maintaining human oversight of final decisions.

Surfshark report reveals alarming data collection by AI chatbots

Popular AI chatbots collect vast amounts of personal data, with Meta AI harvesting 90% of possible data types while others collect significantly less for the same functionality.