Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Opening multiple tabs may result in rate limits and increased number of requests against home server #27282

Open
blocked-by-Mastodon-in-retaliation opened this issue Oct 5, 2023 · 3 comments
Open

Opening multiple tabs may result in rate limits and increased number of requests against home server #27282

blocked-by-Mastodon-in-retaliation opened this issue Oct 5, 2023 · 3 comments
Assignees
@andypiper
Labels
area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged

Comments

@blocked-by-Mastodon-in-retaliation
Copy link

Steps to reproduce the problem

  1. open multiple windows or tabs with URLs of various user posts, DMs, etc of user's mastodon host server

...

Expected behaviour

not implement DDOS attack

Actual behaviour

implemented DDOS attack

Detailed description

opening multiple windows or tabs implements DDOS attack causing user interface to fail with Rate limited error in each of the windows/tabs, making mastodon unusable for that user. See attached animated gif.

workaround is to use a 3rd party plugin to force the various tabs to stop their DDOS attack

if project is unable to implement user interface that does not have this DDOS problem, then probably having concurrent connections open from multiple windows/tabs should somehow be disabled. If unable to implement that, probably should disclose this problem in the documentation. Should probably also provide a link directly to the documentation from somewhere in the user interface. As in, PTFM (provide the friendly manual).

mastodon DDOS

Mastodon instance

kolektiva.social

Mastodon version

v4.2.0. (FYI this form is incorrect, this is not displayed at the bottom of the About page)

Browser name and version

firefox 118.0

Operating system

Windows 10 Pro version 22H2

Technical details

No response
@blocked-by-Mastodon-in-retaliation blocked-by-Mastodon-in-retaliation added area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged labels Oct 5, 2023
@andypiper andypiper self-assigned this Oct 5, 2023
@andypiper
Copy link
Sponsor Member

Assigning to myself to check on the issue the user has raised in the issue template.

@ClearlyClaire ClearlyClaire changed the title opening multiple windows or tabs implements DDOS attack causing user interface to fail with Rate limited error Opening multiple tabs may result in rate limits and increased number of requests against home server Oct 6, 2023
@ClearlyClaire
Copy link
Contributor

There are two issues in this report:

  1. opening multiple tabs may cause you to run into rate limits
  2. under certain conditions, running into an error (including rate limits) will cause requests to be re-issued in an infinite loop

That second issue is partly addressed by #27286 (but there may be other cases of this).

@norpol
Copy link

norpol commented Mar 28, 2024

Related issue comment here #25644 (comment) that suggests utilizing the "page visibility api" (as someone on Discord also pointed that out).

The behavior still showed up for me after having 13 different mastodon.social tabs open.

This was referenced Apr 25, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andypiper andypiper

Labels
area/web interface Related to the Mastodon web interface bug Something isn't working status/to triage This issue needs to be triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ClearlyClaire @andypiper @norpol @blocked-by-Mastodon-in-retaliation