The outfit’s self-hosted Git repository was repeatedly hammered into oblivion by what amounted to a polite DDoS from rogue bots pretending to be humans, so it has built a cryptographic doorman named Anubis and shoved the server behind a VPN.
Despite deploying the usual defences — tweaking `robots.txt`, blocking sketchy user agents, and playing firewall roulette — Xe Iaso quickly discovered that AI crawler bots have all the ethics of a toddler in a cookie jar. They lied, they spoofed, and they hid behind residential IP addresses, like digital cockroaches, and didn’t care about being polite web citizens.
The situation got so bad Iaso penned a blog post titled “a desperate cry for help… it’s futile to block AI crawler bots.”
But this isn't just Xe Iaso’s hell — it’s a full-blown crisis spreading like malware through the open-source community.
According to a recent LibreNews report, some projects are seeing up to 97 per cent of their traffic coming from AI bots, which would be hilarious if it weren’t slowly grinding public infrastructure into dust.
Bandwidth bills are skyrocketing, performance is plummeting, and maintainers — most of whom are unpaid volunteers — are being drawn into a never-ending game of “which bot just ate my server?”
Fedora Pagure’s sysadmin team gave up trying to reason with the machines and just blocked Brazil entirely, which is a bold diplomatic strategy. GNOME went full bunker mode, adopting Xe Iaso’s Anubis system that forces users to burn CPU cycles before accessing content.
It’s great at keeping the bots out but less significant if you're a human trying to open a GitLab link on your mobile phone in under two minutes.
Meanwhile, KDE’s infrastructure got temporarily knocked out by Alibaba-originated crawler traffic, raising the question of whether any open-source project is safe from this avalanche of automated idiocy.
Anubis is working, technically. However, it also means that anyone who wants to peek at some code now needs to wait, much like they would when trying to board a Ryanair flight — minus the legroom. If this trend continues, the open web may end up being more closed off than Apple’s walled-garden App Store.
