I created my own CVSweb if anyone is interested in using it. Everything seems to work fine including old links as long as you replace the domain.
https://cvs.groovyexpress.com/ As for dealing with the malicious bots my current method is to just place an HTTP auth for any diff path that makes bots return 401 and makes regular users deal with a one time password prompt using the source revision software as the name and password. This has worked reliable well to stop bots from crashing my Gitea site so I am sure it will work the same for CVSweb.
