💾 Archived View for bbs.geminispace.org › u › stack › 11183 captured on 2023-12-28 at 16:39:33. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-11-14)
-=-=-=-=-=-=-
Re: "BBS updated to Bubble v6.12"
Someone is spamming with a script...
Oct 26 · 2 months ago
🚀 clseibold · Oct 27 at 00:43:
You should look into mitigating like and reaction spam as well, since it seems like that's what they've moved to now.
Also, while it probably won't help much, you can make sure to have rate-limiting if you don't already have it. You could even rate-limit just specific routes, like limit the number of likes one could do within a second or minute or whatever.
Oh, and make sure there's idle timeouts on connections. The library I'm using for my server doesn't implement this, so I don't think it's too far-fetched to assume many other gemini servers and libraries might not implement this.
I've actually been reading about how to prevent DDoS and SYN attacks for my Smallnet Information Services (SIS) project, so that would be a good think to look into as well.
@clseibold I agree, and rate limiting does seem necessary here as the next step.
BBS updated to Bubble v6.12 — The recent prankster/troll registrations have necessitated a few changes to the previously fully open registration policy. Rather than entirely disabling user account creation, new accounts are now created with limited access rights. New accounts can only set up their profile and make posts in their user feed, without the posts appearing in any other feed (All Posts, Gemini/Atom feeds). @admin (i.e., me) will review all new accounts and then grant full access. New...