New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate limiting new posts for users #3091
Comments
|
This makes sense. We currently have a ratelimit but it's super loose. Let's tighten it up for new users and ensure the error message about the ratelimiting is clear (I'd be less worried about false positives if we at least had clearer messaging for the end user. It also might make sense to auto-generate a "report" |
|
Im just starting to look into this as my first contribution here. I have a couple of questions.
|
|
I have a working rate limiter for new articles. My preference at this point would be to implement these changes asap, then raise a couple of new tickets for the other points that were addressed by @benhalpern. These being:
|
|
Hey @GeorgeColdham, noticed you closed your PR here. Are you still interested in working on the issue? |
|
Hi @jessleenyc @GeorgeColdham |
|
Hi @tamcv, first and foremost: thank you for offering to work on this. The issue is available, we have added some rate limiting in the past which is around 9 posts (where 9 is a configurable option) each 30 seconds which might be too wide of a net frankly. We might want to discuss what we want to achieve exactly before you set out writing code. I'm ccing @mstruve @jessleenyc and @benhalpern which should provide additional information. ps. if you could wait until we merge #7444 it'd be grand as it's going to impact the structure of the code anyway. |
|
Sure @rhymes, I can learn somethings from your PR in the meantime.
And we should keep the current rate limitings ( 9 post/30s & 9 comments/30s) to avoid spamming from high-tier users too |
|
I don't think it should ever be unlimited bc there is no reason for it except that it opens us up to script abuse. If someone is providing quality content to the site then it is very, very likely they are not cranking out hundreds of comments or posts an hour. If they are then that is something we need to work with them to create a better workflow bc right now we are not optimized for that. These limits are a combination of what we think users actually need to contribute easily and without issues to the DEV community, while at the same time keeping in mind our ability to process all of the new content on the backend. If we end up in situations where users need the ability to publish A LOT more then we need to re-evaluate our code paths and likely write new ones to help make that happen. |
|
Given that we now have rate-limiting on article creation I think we can close this issue. https://github.com/forem/forem/blob/master/app/services/rate_limit_checker.rb#L87 |
Is your feature request related to a problem? Please describe.
I occasionally find my feed clogged with posts that I guess are bots? Or users trying to push users off site.
Describe the solution you'd like
Rate limit users posts per hour. Perhaps loosen limits for people who have old enough accounts and/or enough post interactions.
Describe alternatives you've considered
Creating a bot to filter out any similarly titled articles?
Additional context

Example of my latest feed:
Examples of users who have been created today and have posted 15+ posts each within the last 40 minutes:



The text was updated successfully, but these errors were encountered: