Rate limiting new posts for users

[GeorgeColdham]

Is your feature request related to a problem? Please describe.
I occasionally find my feed clogged with posts that I guess are bots? Or users trying to push users off site.

Describe the solution you'd like
Rate limit users posts per hour. Perhaps loosen limits for people who have old enough accounts and/or enough post interactions.

Describe alternatives you've considered
Creating a bot to filter out any similarly titled articles?

Additional context
Example of my latest feed:

Examples of users who have been created today and have posted 15+ posts each within the last 40 minutes:

[benhalpern]

This makes sense. We currently have a ratelimit but it's super loose. Let's tighten it up for new users and ensure the error message about the ratelimiting is clear (I'd be less worried about false positives if we at least had clearer messaging for the end user.

It also might make sense to auto-generate a "report" feedback_message to be sent to our support channel whenever someone hits the ratelimit. It will help us deal more quickly with spam and pay better attention to any possible false positives.

[GeorgeColdham]

Im just starting to look into this as my first contribution here. I have a couple of questions.

• What would be a good rate limit for new users? Im thinking ~4 posts an hour?
• How do you define a new user? Account age, number of posts, number of ❤️'s, etc?

[GeorgeColdham]

I have a working rate limiter for new articles. My preference at this point would be to implement these changes asap, then raise a couple of new tickets for the other points that were addressed by @benhalpern.

These being:

• Report accounts that hit the rate limit to the support channel
• Limit this to new users

[jessleenyc]

Hey @GeorgeColdham, noticed you closed your PR here. Are you still interested in working on the issue?

[tamcv]

Hi @jessleenyc @GeorgeColdham
Is this issue available to pick up? I would like to make my first contribution for dev.to.

[rhymes]

Hi @tamcv, first and foremost: thank you for offering to work on this. The issue is available, we have added some rate limiting in the past which is around 9 posts (where 9 is a configurable option) each 30 seconds which might be too wide of a net frankly.

We might want to discuss what we want to achieve exactly before you set out writing code.

I'm ccing @mstruve @jessleenyc and @benhalpern which should provide additional information.

ps. if you could wait until we merge #7444 it'd be grand as it's going to impact the structure of the code anyway.

[tamcv]

Sure @rhymes, I can learn somethings from your PR in the meantime.
By the way, I would like to propose the new limit tiers structure based on users contribution as the following:

1. Tier 1:
   • Conditions: Time.now - created_at < 1.day
   • Limitation: 30 comments / hour, 5 posts / hour
2. Tier 2:
   • Conditions: (current_posts * 2 + interactions) < 5
   • Limitation: 60 comments / hour, 10 posts / hour
3. Tier 3:
   • Conditions: 5 <= (current_posts * 2 + interactions) < 50
   • Limitation: 120 comments / hour, 20 posts / hour
     so on for tiers 3, 4, 5 till tier has limitation is unlimited.
     (Need you guys help to define the conditions above number...)

And we should keep the current rate limitings ( 9 post/30s & 9 comments/30s) to avoid spamming from high-tier users too

[mstruve]

I don't think it should ever be unlimited bc there is no reason for it except that it opens us up to script abuse. If someone is providing quality content to the site then it is very, very likely they are not cranking out hundreds of comments or posts an hour. If they are then that is something we need to work with them to create a better workflow bc right now we are not optimized for that.

These limits are a combination of what we think users actually need to contribute easily and without issues to the DEV community, while at the same time keeping in mind our ability to process all of the new content on the backend. If we end up in situations where users need the ability to publish A LOT more then we need to re-evaluate our code paths and likely write new ones to help make that happen.

[mstruve]

Given that we now have rate-limiting on article creation I think we can close this issue. https://github.com/forem/forem/blob/master/app/services/rate_limit_checker.rb#L87