<!doctype html><htmllang=en-us><head><metacharset=utf-8><metahttp-equiv=x-ua-compatiblecontent="ie=edge"><metaname=viewportcontent="width=device-width,initial-scale=1,shrink-to-fit=no"><linkrel=preloadas=fonthref=/fonts/vendor/jost/jost-v4-latin-regular.woff2type=font/woff2crossorigin><linkrel=preloadas=fonthref=/fonts/vendor/jost/jost-v4-latin-700.woff2type=font/woff2crossorigin><linkrel=stylesheethref=/main.f4e82f75f039986a07346a99687f11e3218d588abe9b9daa7d0673b1a7aaee5b689ec69619c26a2962d5a124bed33807d58bd84180c249bbb8eddc33c5ef5baa.cssintegrity="sha512-9OgvdfA5mGoHNGqZaH8R4yGNWIq+m52qfQZzsaeq7ltonsaWGcJqKWLVoSS+0zgH1YvYQYDCSbu47dwzxe9bqg=="crossorigin=anonymous><noscript><style>img.lazyload{display:none}</style></noscript><metaname=robotscontent="index, follow"><metaname=googlebotcontent="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1"><metaname=bingbotcontent="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1"><title>May, 2022: Monthly Report - mCaptcha</title><metaname=descriptioncontent="Python bindings to mCaptcha PoW, DDoS effectiveness measurement, major refactoring to prepare for support for other databases, We also tried to test its DoS defence effectiveness, and some exciting news regarding managed hosting!"><linkrel=canonicalhref=/blog/may-2022-monthly-report/><metaname=twitter:cardcontent="summary_large_image"><metaname=twitter:imagecontent="/blog/may-2022-monthly-report/icon.png"><metaname=twitter:titlecontent="May, 2022: Monthly Report"><metaname=twitter:descriptioncontent="Python bindings to mCaptcha PoW, DDoS effectiveness measurement, major refactoring to prepare for support for other databases, We also tried to test its DoS defence effectiveness, and some exciting news regarding managed hosting!"><metaname=twitter:sitecontent="@"><metaname=twitter:creatorcontent="@"><metaproperty="og:title"content="May, 2022: Monthly Report"><metaproperty="og:description"content="Python bindings to mCaptcha PoW, DDoS effectiveness measurement, major refactoring to prepare for support for other databases, We also tried to test its DoS defence effectiveness, and some exciting news regarding managed hosting!"><metaproperty="og:type"content="article"><metaproperty="og:url"content="/blog/may-2022-monthly-report/"><metaproperty="og:image"content="/blog/may-2022-monthly-report/icon.png"><metaproperty="article:published_time"content="2022-06-10T00:00:00+00:00"><metaproperty="article:modified_time"content="2022-06-14T15:39:59+05:30"><metaproperty="og:site_name"content="mCaptcha"><metaproperty="article:publisher"content="https://www.facebook.com/"><metaproperty="article:author"content="https://www.facebook.com/"><metaproperty="og:locale"content="en_US"><scripttype=application/ld+json>{"@context":"http://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"\/"},{"@type":"ListItem","position":2,"name":"Blogmay 2022 Monthly Report","item":"\/blogmay-2022-monthly-report\/"}]}</script><metaname=theme-colorcontent="#fff"><linkrel=apple-touch-iconsizes=180x180href=/apple-touch-icon.png><linkrel=icontype=image/pngsizes=32x32href=/favicon-32x32.png><linkrel=icontype=image/pngsizes=16x16href=/favicon-16x16.png><linkrel=manifesthref=/site.webmanifest></head><bodyclass="blog single"><divclass="header-bar fixed-top"></div><headerclass="navbar fixed-top navbar-expand-md navbar-light"><divclass=container><inputclass="menu-btn order-0"type=checkboxid=menu-btn>
<spanclass=toggle-dark><svgxmlns="http://www.w3.org/2000/svg"width="20"height="20"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"class="feather feather-moon"><pathd="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg></span><spanclass=toggle-light><svgxmlns="http://www.w3.org/2000/svg"width="20"height="20"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"class="feather feather-sun"><circlecx="12"cy="12"r="5"/><linex1="12"y1="1"x2="12"y2="3"/><linex1="12"y1="21"x2="12"y2="23"/><linex1="4.22"y1="4.22"x2="5.64"y2="5.64"/><linex1="18.36"y1="18.36"x2="19.78"y2="19.78"/><linex1="1"y1="12"x2="3"y2="12"/><linex1="21"y1="12"x2="23"y2="12"/><linex1="4.22"y1="19.78"x2="5.64"y2="18.36"/><linex1="18.36"y1="5.64"x2="19.78"y2="4.22"/></svg></span></button><ulclass="navbar-nav social-nav order-3 order-md-5"><liclass=nav-item><aclass=nav-linkhref=https://github.com/mCaptcha><svgxmlns="http://www.w3.org/2000/svg"width="20"height="20"viewBox="0 0 24 24"fill="none"stroke="currentcolor"stroke-width="2"stroke-linecap="round"stroke-linejoin="round"class="feather feather-github"><pathd="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37.0 00-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44.0 0020 4.77 5.07 5.07.0 0019.91 1S18.73.65 16 2.48a13.38 13.38.0 00-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07.0 005 4.77 5.44 5.44.0 003.5 8.55c0 5.42 3.3 6.61 6.44 7A3.37 3.37.0 009 18.13V22"/></svg><spanclass="ms-2 visually-hidden">GitHub</span></a></li></ul><divclass="collapse navbar-collapse order-4 order-md-1"><ulclass="navbar-nav main-nav me-auto order-5 order-md-2"><liclass="nav-item active"><aclass=nav-linkhref=/blog/>Blog</a></li><liclass=nav-item><aclass=nav-linkhref=/community/>Community</a></li><liclass=nav-item><aclass=nav-linkhref=/contact/>Contact</a></li><liclass=nav-item><aclass=nav-linkhref=/about/>About</a></li><liclass=nav-item><aclass=nav-linkhref=/docs/introduction/installing-captcha/>Docs</a></li></ul><divclass="break order-6 d-md-none"></div><formclass="navbar-form flex-grow-1 order-7 order-md-3"><inputid=userinputclass="form-control is-search"type=searchplaceholder="Search docs..."aria-label="Search docs..."autocomplete=off><divid=suggestionsclass="shadow bg-white rounded"></div></form></div></div></header><divclass="wrap container"role=document><divclass=content><divclass="row flex-xl-nowrap"><navclass="docs-toc d-none d-xl-block col-xl-3"aria-label="Secondary navigation"><divclass=page-links><h3>On this page</h3><navid=TableOfContents><ul><li><ahref=#python-bindings-to-mcaptcha-powhttpsgithubcommcaptchapow_sha256>Python bindings to <ahref=https://github.com/mCaptcha/pow_sha256/>mCaptcha PoW</a></a></li><li><ahref=#measuring-ddos-protection-effectiveness>Measuring DDoS protection effectiveness</a></li><li><ahref=#refactor>Refactor</a></li><li><ahref=#mcaptcha-is-now-on-the-fediverse>mCaptcha is now on the Fediverse</a></li><li><ahref=#generic-hosting>Generic hosting</a></li></ul></nav></div></nav><mainclass="docs-content col-lg-11 col-xl-9 mx-xl-auto"><article><divclass=blog-header><h1>May, 2022: Monthly Report</h1><p><small>Posted June 10, 2022 by <aclass="stretched-link position-relative"href=/contributors/aravinth-manivannan/>Aravinth Manivannan</a> ‐ <strong>4 min read</strong></small><p><p><small>Last Edited June 14, 2022</small><p></div><pclass=lead>We are mCaptcha. We build kickass CAPTCHA systems that give (DDoS) attackers a run for their money. And we do all of this without tracking your users. Oh and did I mention our UX is great?</p><p>Hello and welcome to the May 2022 edition of the monthly report!</p><p>mCaptcha, for a while was showing all the signs of a dead project:
no commits on the repositories and no monthly updates. But the project
is far from dead!</p><h2id=python-bindings-to-mcaptcha-powhttpsgithubcommcaptchapow_sha256>Python bindings to <ahref=https://github.com/mCaptcha/pow_sha256/>mCaptcha PoW</a></h2><p><ahref=https://github.com/mCaptcha/pow_py>pow_py</a> contains bindings to
<ahref=https://github.com/mCaptcha/pow_sha256>pow_sha256</a>, the
automatically from within the program.</p><p>Here’s an example:</p><divclass=highlight><prestyle=color:#f8f8f2;background-color:#282a36;-moz-tab-size:4;-o-tab-size:4;tab-size:4><codeclass=language-pythondata-lang=python><spanstyle="margin-right:.4em;padding:0 .4em;color:#7f7f7f"> 1</span><spanstyle=color:#ff79c6>import</span> os
<spanstyle="margin-right:.4em;padding:0 .4em;color:#7f7f7f"> 6</span><spanstyle=color:#6272a4># get the sitekey that is used in the mCaptcha protected form</span>
<spanstyle="margin-right:.4em;padding:0 .4em;color:#7f7f7f"> 8</span><spanstyle=color:#6272a4># the hostname of the mCaptcha instance that the form is using</span>
</code></pre></div><p>This could be missed for building DDoS bots(more on that
<ahref=#measuring-ddos-protection-effectiveness>here</a>) but this could also be
used to make CAPTCHA solving automated within screen readers and other
accessibility devices!</p><h2id=measuring-ddos-protection-effectiveness>Measuring DDoS protection effectiveness</h2><p>Proof-of-work has historically been a good method to achieve rate
limiting but how much attack can it, specifically mCaptcha’s
implementation, withstand when compared to an unprotected endpoint? To
find out, we used the recently created Python bindings to the mCaptcha
PoW library, the excellent load testing tool,
<ahref=https://locust.io>locust</a> and wrote
<ahref=https://github.com/mCaptcha/dos>mCaptcha/dos</a>!</p><p><ahref=https://vitap.ac.in>VIT AP</a> kindly permitted me, @realaravinth, to use their network
security lab for setting up a isolated, contained testing environment to
mount a DDoS attack on a <ahref=https://github.com/mCaptcha/dos/tree/master/rust-server/demo-server>test
server</a>
instance.</p><p>The initial topology consisted of one mCaptcha instance, one DDoS demo
server, one locust node running in leader configuration and six locust
nodes running in follower configuration. I was authorised to use the
netsec lab for three days, which unfortunately wasn’t enough to go
finish running the experiment. <ahref=https://sibichakkaravarthy.github.io/>Dr. Sibi Chakkaravarthy
Sethuraman</a> has kindly offered to
arrange authorisation to use the netsec lab once again in July 2022,
during which I hope to finish running the experiment</p><p>Special thanks to <ahref=http://ackr8.com/>ackr-8</a> and
<ahref=https://github.com/alan2000alex>alan2000alex</a> for help with setting up
infrastructure of the experiment.</p><h2id=refactor>Refactor</h2><p>mCaptcha underwent a major refactor during the month of May: We re-wrote
and cleaned up all database-related stuff for higher flexibility
and generally good architecture. This refactor lays the foundation
for implementing support for alternate database software
programs(we currently support PostgreSQL only).</p><h2id=mcaptcha-is-now-on-the-fediverse>mCaptcha is now on the Fediverse</h2><p>We recently joined the Fediverse on a
<ahref=https://gts.batsense.net/@mcaptcha>@mCaptcha@batsense.net</a></p><h2id=generic-hosting>Generic hosting</h2><p>I, @realaravinth, have been busy with <ahref=https://forgeflux.org>ForgeFlux</a>
community and adopt <ahref=https://en.wikipedia.org/wiki/Radical_transparency#Radical_corporate_transparency>radical transparency</a> to improve trust and
reliability of the project</p><blockquote><p>P.S: I, realaravinth, would do it sooner but I’m a little busy right
now, so if someone is interested to help out do reach out and so that