- Bot prevention for Elixir/Phoenix apps

Hi Elixir Forum,

I’ve been working on for a while now, and am excited to announce the beta is officially live! Here’s the announcement post.

If you currently use reCaptcha or a CDN based bot defense (Cloudflare, Akamai, etc.), you’re familiar with the problems bots cause. I’ve seen bypasses of both these systems via:

  1. Outsourced/automated captcha solving.
  2. Hosts leaking their IP address, leading to the CDN protection being completely bypassed.

The key features of are:

  1. You install the agent through your mix file.
  2. You can define a rule like, “If an IP sends > 10 logins in 10 seconds, ban it”. Unlike a CDN based approach, this cannot be bypassed due to a host IP leak.
  3. If an attacker is using a cloud server (AWS, GCP, etc.) for a large pool of IPs (see Bypassing IP Based Blocking with AWS API Gateway), the agent can be configured to block cloud provider IPs.
  4. You control the data you want to send to the backend, unlike a CDN where all your data has to pass through a third party server.
  5. A nice dashboard showing allowed and blocked requests.

The price for a personal account is $27 per month, where your site has less than 10,000 good events per month. If you sign up for the beta and provide feedback, I’m happy to drop that to $9. Business pricing scales with the number of requests.

To get access, email and I’ll add your email to the approved users list.

I hope this is posted under the correct category, I can move it if it violates a forum rule. Thank you!


Hi everyone, just a brief update, the beta is no longer invite only! I’ve published a step-by-step guide to installing Paraxial via mix here - Getting started with — Paraxial v0.0.8

To create an account, just visit - - and sign up. The agent is hosted on Hex, and installation only takes a few minutes.


Hey @realcorvus

I lately noticed that Elixir Companies website is down and it seems the maintainers do not know how to deal with spam – perhaps you could afford the generosity to offer a free plan for that project which promotes elixir?
It looks like adding Paraxial to a website is a breeze.


It’s a good idea, since Elixir Companies is not run for profit and contributes to the Elixir ecosystem. is able to detect spam/bot submissions as well.

1 Like

Tried using this but it depends on httpoison 1.0 which is a bit absurd given the latest version has been 2.1.0 for quite a while. I use v2 of httpoison because data streaming is a core part of my app so this was a hard stop for me

1 Like

Very sorry you ran into this issue, the agent has been updated to include the new versions of httpoison - paraxial | Hex

1 Like

Hi Elixir Forum, 2.0 recently launched, here’s the announcement blog post - Introducing 2.0

And a video overview of the features:

The original launch was just over a year ago, and focused on stopping bot attacks. This release helps you ensure the Elixir application you deploy cannot be hacked. For example, the sites overview page gives a list of your current sites, if they are exposed to the internet, and a summary of vulnerabilities.

There are a number of security metrics relevant to Elixir applications, including:

  • Active vulnerabilities
  • Dependency versions
  • Recent exploitation attempts
  • HTTP traffic
  • Rules for restricting bot attacks

The new Overview page for each site displays the most relevant information on one screen.

A common barrier to using security tools in Elixir is the high number of initial findings. is able to prioritize findings by severity, and provide details on how to fix the issue.

The mix task is fully compatible with your CI/CD pipeline, because it runs as normal Elixir code. For example, you can configure a Github action to check each new pull request for security problems.

If no issues are found the build is successful.

The feedback and support from the community has been really fantastic, and this release incorporates so many things learned over the last several months. Thank you all for the support, I’m so grateful to be working in Elixir, and hope this release will encourage further adoption of the language.