This has been happening for many years and they're not AI-related scrapers. These are attackers who port-scan as much IPs as possible, and attempt basic attacks on whatever they find. In your case they found Gitea, and started scraping your git commits likely in search of leaked credentials. They'll also look for Wordpress sites and try common weak credentials on wp-admin.
They're very easy to stop through honeypots and basic checks. You don't need Cloudflare. Anubis should work, but is probably more powerful than you actually need for these bots.
This has been happening for many years and they're not AI-related scrapers. These are attackers who port-scan as much IPs as possible, and attempt basic attacks on whatever they find. In your case they found Gitea, and started scraping your git commits likely in search of leaked credentials. They'll also look for Wordpress sites and try common weak credentials on wp-admin.
They're very easy to stop through honeypots and basic checks. You don't need Cloudflare. Anubis should work, but is probably more powerful than you actually need for these bots.