Just released: #swad 0.12 🥂

swad is the "Simple Web Authentication Daemon". It basically offers adding form + #cookie #authentication to your reverse proxy (designed for and tested with #nginx "auth_request"). I created it mainly to defend against #malicious_bots, so among other credential checker modules for "real" logins, it offers a proof-of-work mechanism for guest logins doing the same #crypto #challenge known from #Anubis.

swad is written in pure #C with minimal dependencies (#zlib, #OpenSSL or compatible, and optionally #PAM), and designed to work on any #POSIX system. It compiles to a small binary (200 - 300 kiB depending on compiler and target platform).

This release brings (among a few bugfixes) improvements to make swad fit for "heavy load" scenarios: There's a new option to balance the load across multiple service worker threads, so all cores can be fully utilized if necessary, and it now keeps lots of transient objects in pools for reuse, which helps to avoid memory fragmentation and ultimately results in lower overall memory consumption.

Read more about it, download the .tar.xz, build and install it .... here:

https://github.com/Zirias/swad

Finally documented: #swad's new "pow" credentials checker (which does "the same thing" as #anubis):

https://github.com/Zirias/swad/blob/master/README.pow.md

I *think* this is "ready for release", will probably do so soon!

#C #coding #AI #bots #malicious_bots

#Infosec2024: Third of Web Traffic Comes from Malicious Bots, Veracity Says - https://www.redpacketsecurity.com/infosec2024-third-of-web-traffic-comes-from-malicious-bots-veracity-says/

#threatintel #malicious_bots #ai_security #cyber_threats