I've used WxWidgets and Win32 API in C. I suspect OP will quickly learn why electron is popular even though it's so bloated. That said, sounds like OP wants a light weight and cross platform option, so WxWidgets gets my vote. Granted it's been over 10 years since I've used it.

I agree unless the backend server is including it in the response/response headers for some reason, which wouldn't make a tool like this work in the general case. I thought maybe there was a Cloudflare API that would inadvertently leak the origin IP in an error response in some special case or something of that nature, but I'd assume they would have patched that rather quickly. I'm very curious if this tool ever worked and if so, how.

If you had a single specific host you were trying to find the origin server for, you could basically scan their ASN and well known data center, particularly the big cloud provider, IPs by sending requests to them with the desired host header to try to find an entry point (load balancer, reverse proxy, web server), but I don't think that's practical, particularly with a free API that (presumably) responded in a reasonable amount of time. The underlying API used by the linked script is no longer available, so I don't know if it worked or response times.

Furthermore, a well configured system should ignore requests not originating from Cloudflare's IPs (or use a tunnel) to prevent bypassing Cloudflare, although I've seen plenty not do this. Cloudflare even publishes the subnets you should allow. Easy to integrate that in to a cron type job, terraform, or other way to keep rules updated even though they've very rarely changed.

I was curious as to how it's done unfortunately that repo won't answer. All it's doing is calling a separate http api that returns the IP. I looked quickly and didn't find a repo for that other API.

A ton of companies have ESOP, but that doesn't stop enshitification because the employees generally don't own enough shares to exert control.

I like forums, but maybe I'm part of the problem. I've read a forum obsessively for years without registering an account. Even when I have an account, I rarely post/comment. I've been reading Lemmy almost daily for over a year before registering an account and don't reply much even with an account. Decentralization starts with individuals, so I'm going to try to add signal to the fediverse.

I generally prefer the traditional flat forum UI with oldest first, but that's mostly a client issue. The problem though is if others are using a different UI the conversation may flow differently (think threaded vs flat forums).

RE karma, a lot of forums show post counts and like counts next to their forum profile, which is often included in every reply, so in some ways, the likes (karma) was a little more in your face. I think there was less astro turfing due to scope of benefit. What I mean is that while traditional forums were decentralized, so was the account and its reputation, so karma (like/post count) farming was isolated to that specific forum/community and if you were astro turfing, you'd get banned and lose that and could not transsfer that to other forums. Services like reddit effectively make this transferrable between forums. I'm concerned about how this will play out as decentralized platforms grow. It could be worse than reddit. I've been trying to come up with ways to handle this, but I can find flaws in every idea I've had so far.

A friend (works in IT, but asks me about server related things) of a friend (not in tech at all) has an incredibility low traffic niche forum. It was running really slow (on shared hosting) due to bots. The forum software counts unique visitors per 15 mins and it was about 15k/15 mins for over a week. I told him to add Cloudflare. It dropped to about 6k/15 mins. We excitemented turning Cloudflare off/on and it was pretty consistent. So then I put Anubis on a server I have and they pointed the domain to my server. Traffic drops to less than 10/15 mins. I've been experimenting with toggling on/off Anubis/Cloudflare for a couple months now with this forum. I have no idea how the bots haven't scrapped all of the content by now.

TLDR: in my single isolated test, Cloudflare blocks 60% of crawlers. Anubis blocks presumably all of them.

Also if anyone active on Lemmy runs a low traffic personal site and doesn't know how or can't run Anubis (eg shared hosting), I have plenty of excess resources I can run Anubis for you off one of my servers (in a data center) at no charge (probably should have some language about it not being perpetual, I have the right to terminate without cause for any reason and without notice, no SLA, etc). Be aware that it does mean HTTPS is terminated at my Anubis instance, so I could log/monitor your traffic if I wanted as well, so that's a risk you should be aware of.