Loading ...
Sorry, an error occurred while loading the content.

Re: Access will be denied if you use POST requests more than 15 times within 4 hours from now on

Expand Messages
  • Marc Weber
    This still does not protect agains resource exhaustion (mysql users exceeded - which appened). There are modules for apache to prevent excessive site usage by
    Message 1 of 15 , Apr 30, 2013
    • 0 Attachment
      This still does not protect agains resource exhaustion (mysql users
      exceeded - which appened). There are modules for apache to prevent
      excessive site usage by bot like attacks. Maybe we should propose
      sourcreforge to set them up?

      Marc Weber

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/groups/opt_out.
    • Marc Weber
      I ve introduced a total limit of 500 POST requests within 4h which is slightly more than POST requests happen within 24h on an average day (380 posts in 24h)
      Message 2 of 15 , Apr 30, 2013
      • 0 Attachment
        I've introduced a total limit of 500 POST requests within 4h which is
        slightly more than POST requests happen within 24h on an average day
        (380 posts in 24h)

        Thus if a bot uses multiple IPs, he should still fail soon
        (unfortunately everybody else, too) - I think its more importatnt to
        protect against attacks in these cases.. Because we don't want to delete
        that many scripts and user accounts.

        I hope vim.sf.net is much safer now. I don't have any additional ideas.
        So let me know whether you think these changes are appropriate.

        Marc Weber

        --
        --
        You received this message from the "vim_dev" maillist.
        Do not top-post! Type your reply below the text you are replying to.
        For more information, visit http://www.vim.org/maillist.php

        ---
        You received this message because you are subscribed to the Google Groups "vim_dev" group.
        To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
        For more options, visit https://groups.google.com/groups/opt_out.
      • Bram Moolenaar
        ... Thanks for doing this! I think we can be rather strict. If a human is doing a lot of work, we can ask him to try again in 4 hours. And send us a message
        Message 3 of 15 , May 1, 2013
        • 0 Attachment
          Marc Weber wrote:

          > I've introduced a total limit of 500 POST requests within 4h which is
          > slightly more than POST requests happen within 24h on an average day
          > (380 posts in 24h)
          >
          > Thus if a bot uses multiple IPs, he should still fail soon
          > (unfortunately everybody else, too) - I think its more importatnt to
          > protect against attacks in these cases.. Because we don't want to delete
          > that many scripts and user accounts.
          >
          > I hope vim.sf.net is much safer now. I don't have any additional ideas.
          > So let me know whether you think these changes are appropriate.

          Thanks for doing this!

          I think we can be rather strict. If a human is doing a lot of work, we
          can ask him to try again in 4 hours. And send us a message that this
          happened, so that we can tune the limit. Perhaps for specific cases.

          Please send me a diff of the changes you made (or the new files)
          privately. Otherwise a sync from my side might overwrite your changes.
          Cc John Beckett, he is also keeping an eye on things.


          --
          hundred-and-one symptoms of being an internet addict:
          255. You work for a newspaper and your editor asks you to write an
          article about Internet addiction...in the "first person."

          /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
          /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
          \\\ an exciting new programming language -- http://www.Zimbu.org ///
          \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

          --
          --
          You received this message from the "vim_dev" maillist.
          Do not top-post! Type your reply below the text you are replying to.
          For more information, visit http://www.vim.org/maillist.php

          ---
          You received this message because you are subscribed to the Google Groups "vim_dev" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
          For more options, visit https://groups.google.com/groups/opt_out.
        • Christian Brabandt
          Hi Bram! ... I think it just happened: http://www.vim.org/scripts/script.php?script_id=4509 regards, Christian -- Es herrscht Chaos. Wir befinden uns auf einer
          Message 4 of 15 , May 7, 2013
          • 0 Attachment
            Hi Bram!

            On Mi, 01 Mai 2013, Bram Moolenaar wrote:

            > I think we can be rather strict. If a human is doing a lot of work, we
            > can ask him to try again in 4 hours. And send us a message that this
            > happened, so that we can tune the limit. Perhaps for specific cases.

            I think it just happened:
            http://www.vim.org/scripts/script.php?script_id=4509

            regards,
            Christian
            --
            Es herrscht Chaos. Wir befinden uns auf einer Drehscheibe, die
            Richtung in die Zukunft ist noch nicht gefunden. Vielleicht muß diese
            Menschheit untergehen, damit eine andere entstehen kann.
            -- Stanislav Lem

            --
            --
            You received this message from the "vim_dev" maillist.
            Do not top-post! Type your reply below the text you are replying to.
            For more information, visit http://www.vim.org/maillist.php

            ---
            You received this message because you are subscribed to the Google Groups "vim_dev" group.
            To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
            For more options, visit https://groups.google.com/groups/opt_out.
          • Marc Weber
            Thanks for reporting - looks like he finally suceeded - and didn t read the message .. Hi xingchao, (this mail also goes to vim_dev mailinglist) If you cannot
            Message 5 of 15 , May 7, 2013
            • 0 Attachment
              Thanks for reporting - looks like he finally suceeded - and didn't read
              the message ..

              Hi xingchao,

              (this mail also goes to vim_dev mailinglist)

              If you cannot upload, you should see a message instead.
              Due to attacks we've limited actions to 15 POST requests by IP.
              Another global limit does exist.

              Do you remember which one was hit? The message should have told you.
              Eventually we should allow more operations.

              In any case - do you have any idea why "why I can't upload" is shown
              that often :) ?

              Sincerly
              Marc Weber

              --
              --
              You received this message from the "vim_dev" maillist.
              Do not top-post! Type your reply below the text you are replying to.
              For more information, visit http://www.vim.org/maillist.php

              ---
              You received this message because you are subscribed to the Google Groups "vim_dev" group.
              To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
              For more options, visit https://groups.google.com/groups/opt_out.
            Your message has been successfully submitted and would be delivered to recipients shortly.