Interview with Michael Lubas on Bot Prevention with Elixir

Michael Lubas is the founder of, which helps Elixir developers stop fraudulent bot activity in their web applications. He is interested in the application of Elixir in software security.

Please tell me a bit about what does. is a bot detection and prevention tool for Elixir and Phoenix applications. A bot in this context means a client communicating with your web application that is not a “real human”. For example, someone visiting your website from a mobile phone or desktop web browser is classified as a human. A bash script that sends a request to your website every five minutes is a bot.

If you operate a website, you will see good and bad bots. Most website owners want their site to be indexed by Google, for example, so they would not block Googlebot, the crawler that indexes sites for Google. A bot that’s attempting thousands of login attempts per minute using stolen credentials is a bad bot.

How does compare to CloudFlare?

Cloudflare is notable for being an anti-DDoS vendor and CDN provider, they also offer a different product specifically for blocking bot traffic. Most big CDN vendors are in the position where once they get a client through the anti-DDoS service, they want to upsell them on a bot detection service.

There are problems with doing bot detection at edge, for example if the server you are protecting leaks its real IP address, the attacker can completely bypass the CDN-based detection. Another popular anti-bot measure is reCaptcha, most people online have been frustrated by having to select pictures of stop signs, so the downsides to that approach are obvious.

There are major benefits to our approach over how Cloudflare deals with this problem. is installed in your Elixir application code, so you have greater control over what data you want to send to our backend, for example. This is an advantage of over Cloudflare for data-privacy conscious customers. can be used with Cloudflare as well. For example, you may use their CDN service, and then for bot detection. There’s no conflict at all.

Why did you choose the Phoenix web application framework for

I chose Phoenix for the backend because it’s a really fantastic way to create web applications. There’s a great harmony between the development of‘s backend, and the code that our customers run, because everyone is using Elixir. 


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: