Loading ...
Sorry, an error occurred while loading the content.

Re: Access will be denied if you use POST requests more than 15 times within 4 hours from now on

Expand Messages
  • Marc Weber
    I ve introduced a total limit of 500 POST requests within 4h which is slightly more than POST requests happen within 24h on an average day (380 posts in 24h)
    Message 1 of 15 , Apr 30, 2013
    • 0 Attachment
      I've introduced a total limit of 500 POST requests within 4h which is
      slightly more than POST requests happen within 24h on an average day
      (380 posts in 24h)

      Thus if a bot uses multiple IPs, he should still fail soon
      (unfortunately everybody else, too) - I think its more importatnt to
      protect against attacks in these cases.. Because we don't want to delete
      that many scripts and user accounts.

      I hope vim.sf.net is much safer now. I don't have any additional ideas.
      So let me know whether you think these changes are appropriate.

      Marc Weber

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/groups/opt_out.
    • Bram Moolenaar
      ... Thanks for doing this! I think we can be rather strict. If a human is doing a lot of work, we can ask him to try again in 4 hours. And send us a message
      Message 2 of 15 , May 1 10:02 AM
      • 0 Attachment
        Marc Weber wrote:

        > I've introduced a total limit of 500 POST requests within 4h which is
        > slightly more than POST requests happen within 24h on an average day
        > (380 posts in 24h)
        >
        > Thus if a bot uses multiple IPs, he should still fail soon
        > (unfortunately everybody else, too) - I think its more importatnt to
        > protect against attacks in these cases.. Because we don't want to delete
        > that many scripts and user accounts.
        >
        > I hope vim.sf.net is much safer now. I don't have any additional ideas.
        > So let me know whether you think these changes are appropriate.

        Thanks for doing this!

        I think we can be rather strict. If a human is doing a lot of work, we
        can ask him to try again in 4 hours. And send us a message that this
        happened, so that we can tune the limit. Perhaps for specific cases.

        Please send me a diff of the changes you made (or the new files)
        privately. Otherwise a sync from my side might overwrite your changes.
        Cc John Beckett, he is also keeping an eye on things.


        --
        hundred-and-one symptoms of being an internet addict:
        255. You work for a newspaper and your editor asks you to write an
        article about Internet addiction...in the "first person."

        /// Bram Moolenaar -- Bram@... -- http://www.Moolenaar.net \\\
        /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
        \\\ an exciting new programming language -- http://www.Zimbu.org ///
        \\\ help me help AIDS victims -- http://ICCF-Holland.org ///

        --
        --
        You received this message from the "vim_dev" maillist.
        Do not top-post! Type your reply below the text you are replying to.
        For more information, visit http://www.vim.org/maillist.php

        ---
        You received this message because you are subscribed to the Google Groups "vim_dev" group.
        To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
        For more options, visit https://groups.google.com/groups/opt_out.
      • Christian Brabandt
        Hi Bram! ... I think it just happened: http://www.vim.org/scripts/script.php?script_id=4509 regards, Christian -- Es herrscht Chaos. Wir befinden uns auf einer
        Message 3 of 15 , May 7 1:28 PM
        • 0 Attachment
          Hi Bram!

          On Mi, 01 Mai 2013, Bram Moolenaar wrote:

          > I think we can be rather strict. If a human is doing a lot of work, we
          > can ask him to try again in 4 hours. And send us a message that this
          > happened, so that we can tune the limit. Perhaps for specific cases.

          I think it just happened:
          http://www.vim.org/scripts/script.php?script_id=4509

          regards,
          Christian
          --
          Es herrscht Chaos. Wir befinden uns auf einer Drehscheibe, die
          Richtung in die Zukunft ist noch nicht gefunden. Vielleicht muß diese
          Menschheit untergehen, damit eine andere entstehen kann.
          -- Stanislav Lem

          --
          --
          You received this message from the "vim_dev" maillist.
          Do not top-post! Type your reply below the text you are replying to.
          For more information, visit http://www.vim.org/maillist.php

          ---
          You received this message because you are subscribed to the Google Groups "vim_dev" group.
          To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
          For more options, visit https://groups.google.com/groups/opt_out.
        • Marc Weber
          Thanks for reporting - looks like he finally suceeded - and didn t read the message .. Hi xingchao, (this mail also goes to vim_dev mailinglist) If you cannot
          Message 4 of 15 , May 7 2:10 PM
          • 0 Attachment
            Thanks for reporting - looks like he finally suceeded - and didn't read
            the message ..

            Hi xingchao,

            (this mail also goes to vim_dev mailinglist)

            If you cannot upload, you should see a message instead.
            Due to attacks we've limited actions to 15 POST requests by IP.
            Another global limit does exist.

            Do you remember which one was hit? The message should have told you.
            Eventually we should allow more operations.

            In any case - do you have any idea why "why I can't upload" is shown
            that often :) ?

            Sincerly
            Marc Weber

            --
            --
            You received this message from the "vim_dev" maillist.
            Do not top-post! Type your reply below the text you are replying to.
            For more information, visit http://www.vim.org/maillist.php

            ---
            You received this message because you are subscribed to the Google Groups "vim_dev" group.
            To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
            For more options, visit https://groups.google.com/groups/opt_out.
          Your message has been successfully submitted and would be delivered to recipients shortly.