Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Slexy input to use HTTPS, unique UA #94

Merged
merged 1 commit into from
Nov 30, 2019
Merged

Update Slexy input to use HTTPS, unique UA #94

merged 1 commit into from
Nov 30, 2019

Conversation

alesandroortiz
Copy link
Contributor

@alesandroortiz alesandroortiz commented Nov 26, 2019

Hello,

I'm the maintainer of the Slexy.org Pastebin. I've noticed users of this application frequently violating the Terms of Service, so here's a small PR to help remedy some of the violations. Other issues require additional work by other contributors to be resolved.

Per Slexy.org Terms of Service:

Automated creation of pastes, reading of pastes, or other HTTP(S) requests to Slexy.org via a fully or semi-automated manner (via software, scripts, code, or any source; executed with or without human action) are PROHIBITED except under the following conditions:

  • Requests MUST have a User-Agent header identifying the software making the request. The value of the User-Agent header MUST allow identification of the primary piece of software the user is using directly.

This PR sets the UA to PasteHunter, ensuring it is compliant with this item of the ToS.

Per the Terms of Service:

The combined total number of requests from any source, including any combination of sources running for the same or similar purposes, or otherwise in coordination, MUST NOT exceed 60 requests per minute.

Due to unnecessary HTTP to HTTPS redirects, PasteHunter users often exceed 60 requests per second. This PR changes the scheme to https://, which reduces the number of total requests to what is absolutely necessary, reducing the chances of users exceeding 60 requests per minute.


There is still need to throttle requests to ensure that 60 req/s is not exceeded. There does not appear to be any throttling at the moment. That is out of scope of my Python expertise, but I'd appreciate it if a maintainer or contributor implemented throttling. Otherwise, I will be forced to enforce stricter automatic rules around this, which are likely to cause PasteHunter users to be temporarily banned. Many users are already temporarily or permanently banned due to this behavior.

Thanks for reviewing this PR and understanding that all users must abide by the Terms of Service of each provider.

@Plazmaz
Copy link
Collaborator

Plazmaz commented Nov 30, 2019

Hi @thephpjedi,
I appreciate you reaching out. It seems like setting a user agent and stopping the http->https redirect would be beneficial overall to security and performance. I think the bigger lift of enabling per-input ratelimiting will need to happen as a separate push to manage the throttling, which I can take a whack at when I get the time.

Copy link
Collaborator

@Plazmaz Plazmaz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Plazmaz Plazmaz merged commit e7faa51 into kevthehermit:master Nov 30, 2019
@alesandroortiz
Copy link
Contributor Author

Thanks for reviewing and merging!

@alesandroortiz alesandroortiz deleted the patch-1 branch December 5, 2019 19:45
kevthehermit pushed a commit that referenced this pull request Dec 29, 2019
Update Slexy input to use HTTPS, unique UA
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants