reason 10342 why nostr nip-42 auth is important

relay spiders make incredibly expensive requests constantly all day long that chew huge amounts of processing and disk access time usually for nothing

simply by requiring auth the spiders go away

it's actually mandatory for me to enable this because it really seems to me like nostr traffic has reached a point where you cannot possibly run a relay without inordinate infra unless you control access and limit it to your intended purposes


Discussion

and yes, i am working on other resource exhaustion attack mitigations, i have just found one relating to queries that just query on kind and time limits, as used by spiders

these cost so much iops and processing time and memory that i'm having to put my foot down about this

i dunno if i can even cap this properly

i'm making a new rule that queries that have no criteria at all but time limits are ignored

these assclowns running spiders constantly trying to pull the whole damn event store from the relay are not getting service, what the fuck...

oh well, this is relay policy, i'm just making this public readable because we need that for publication purposes and generally seems like a reasonable thing, but queries that overburden the relay's resources are not ok

i think if the user is authed, and whitelisted then ok, otherwise no, but even then, i may have to make further mitigations, but for now simply blocking these vague queries is fixing the problem
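The rule described in this thread, sketched as relay-side policy code. This is an added example, not the relay's own implementation: the function names, the `kinds_are_criteria` knob, the whitelist set and the sample frames are assumptions; only the filter field names and the `CLOSED` reply prefixes come from NIP-01 and NIP-42.

```python
import json

# NIP-01 filter fields that only bound the time window or result count.
TIME_ONLY = {"since", "until", "limit"}

def is_vague(flt, kinds_are_criteria=True):
    """True when a filter names nothing but time bounds / limit.

    kinds_are_criteria=False (hypothetical knob) also rejects the
    kind-plus-time-range pattern the thread attributes to spiders.
    """
    for key, value in flt.items():
        if key in TIME_ONLY or (key == "kinds" and not kinds_are_criteria):
            continue
        if value:  # an empty list or string narrows nothing
            return False
    return True

def handle_req(raw, pubkey=None, whitelist=frozenset(), kinds_are_criteria=True):
    """Return (filters_to_serve, reply_or_None) for one client REQ frame.

    pubkey is the key proven by NIP-42 AUTH on this connection, or None.
    """
    msg = json.loads(raw)
    if not (isinstance(msg, list) and len(msg) >= 3 and msg[0] == "REQ"):
        raise ValueError("not a REQ frame")
    sub_id, filters = msg[1], msg[2:]
    if not all(isinstance(f, dict) for f in filters):
        raise ValueError("filters must be JSON objects")
    if pubkey is not None and pubkey in whitelist:
        return filters, None  # authed and whitelisted: serve as asked
    served = [f for f in filters if not is_vague(f, kinds_are_criteria)]
    if served:
        return served, None  # vague filters in the batch are ignored
    prefix = "auth-required" if pubkey is None else "restricted"
    return [], ["CLOSED", sub_id, prefix + ": time-range-only queries are not served"]

if __name__ == "__main__":
    # Constructed sample frames, not captured traffic.
    frames = [
        '["REQ", "spider", {"since": 1700000000, "until": 1700086400}]',
        '["REQ", "feed", {"kinds": [1], "authors": ["ab12"], "limit": 50}]',
    ]
    for frame in frames:
        print(handle_req(frame))
```
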

bounce

humbug... i really do have to remove the access counter code at this point, sigh

Lol optimize your serverz ... or centralize "auth"