I built a little script that identifies public relays who don't have rate limiters on.
Found 28 of them so far.
I really recommend you guys use limiters and you'll find out why next weekend 👨💻🫡
Discussion
for those of us, that don’t know.
what are rate limiters and what do they do?
They prevent a single IP address from just making thousands of npubs and notes every minute and inserting into the relay
Should only allow like 5 per minute or something per IP
32m npubs to 500k users says it all lmfao.
After your done it’s gonna be like 100mm bots to 1 real user
Thats a good point about the many npubs, I wrote similar script to stress test my relay and found similar results but was using the same IP and npub and found that pretty much anything was being accepted by a handful of relays, including notes with invalid signatures.
Par moments c'est plus à lier aux premières des clés sur Github Nostr et après on tient à conserver une adresse du fait de l'historique qu'on ne veut pas perdre lorsqu'on parvient enfin à créer un compte parfaitement. Tout semble être plus facile maintenant de créer un compte. Cependant il demeure certains qui créent des comptes éphémères juste pour leur propre plaisir mais on arrive à les identifier . C'est stupide puisque cela fauche le nombre réel d'utilisateur si toutefois j'ai compris votre note. Bonne journée
Bien pensé puisqu'à termes on s'y retrouverait plus . Merci
List please! We wanna watch you break stuff? 😅
Limiting by IP just limits people using vpns and other carriers that use nat.. (like the entirety of China, mobile carriers and anyone using cloudflare, blastr, tor exit nodes). The relay I run has been fine for quite a while without IP limits. I've avoided charging for the relay simply to give new nostriches a place to go and I am happy that so far there's not much abuse at all in it's global.
I don't even want to be logging IPs honestly.. maybe I'll just turn all that logging off and let it ride. 🔥
Spam that doesn't make any $$ dies on its own, unless it has a purpose. It sounds like your purpose is to kill off public relays, just not really sure why.
🥺
I want us to solve these problems while we're small in a controlled way before someone tries to do it for real.
We need relays to be hard enough to withstand a real attack not just my laptop running a script
The only way to prevent the spam is to charge sats. It's a waste of time rate limiting IPs, anyone serious would use a botnet and be indistinguishable from normal traffic. I think the relay can handle it, but I'd ask that you exclude me from your test please.
I think this is really important to do.
Relays are the actual backbone to this and we need resilient ones.