i'm getting a bit tired of stupid relay bouncers that keep on submitting events to my relays without authing, and then just keep on doing it no matter that they are getting blocked: auth required messages.

so i'm employing my LLM coding agent to spin me up a temp ban system so that it blacklists an IP address for 10 minutes after it repeatedly attempts to publish an event without paying attention to the response.

hopefully the agent will not make a total hash of this and with a small bit of checking i will have it implemented.

if your fucking event publish script doesn't stop trying to publish when it gets responses, you are an asshole, and the default standard response to assholes is shunning.

10 minutes is long enough to cut the traffic level down. you will just get "connection reset by peer" or some similar message over and over again in your fucking logs, if you fucking even use logs, you assholes, and my logs won't be spammed with constant bullshit.


Discussion

ha, nice, the agent even picked out the nice common "three strikes" rule automatically even though i didn't specify it.

it didn't think to extend it to the websocket message reader tho. this means the socket would remain open and they would be able to keep doing it without having to go through the websocket upgrade process.

adding this now so that the websocket protocol immediately drops the connection of an IP that has 3 times attempted event publish without authing when required.

for the HTTP API it will not block requests because they are one at a time, read events will not be blocked, only writing events for the 10 minutes

processing events costs compute and database queries. this reduces that load, for auth disrespectors.

because fuck them. they are braindead jerkwads.

i loved how quickly i was able to implement that. was driving me nuts looking at this shit.

i figured that the underlying libraries being used by these jerks probably even recognise when the peer keeps dropping connections, and back off.

the log shows that this worked.

it is now deployed and the latest tag on https://orly.dev now has this functionality.

was driving me nuts for the last few weeks watching blastr type servers keep on doing it.

i'm gonna get the agent to escalate the ban time by double every time also.

that is now done, so the more insistent and persistent the pest is, the more vigorous the response.

note that this also will mean that users using clients that don't do auth with outbox will effectively be permabanned until they use a client that doesn't.

and so it should be.

i pay for my relay to run. i'm paying for their stupidity. not anymore.

Make it 8 mins, fuck it

i'm inclined to make it double every time they do it sequentially, but i think it cuts back the noise enough just to auto-ban them for 10 minutes.

my relay's shiny performance properties would be depleted by serving these assholes' requests and that's a bad thing for anyone providing this as a service for pay.

Go for 7. It's a lucky number.

10 minutes, and then do it again, 20, then again 40, then 80, 160, 320, 640, 1280, which then goes into the days.
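The scheme described across the thread (three unauthenticated EVENTs in a row, a 10 minute ban on the IP, the ban doubling on every repeat, and the websocket dropped outright for a banned IP) as an added example in Go. This is not orly's code and is not taken from the repository; the names `Banlist`, `OnEvent`, `BanDuration` and `Action`, the injectable clock, the overflow cap on the doubling, the rule that a successful AUTH clears pending strikes, and the address 203.0.113.7 are all assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Constructed example, not orly's code: a per-IP strike counter with escalating
// temp bans for clients that keep sending EVENT after being told "auth-required".
const (
	StrikeLimit = 3                // unauthenticated EVENTs before a ban
	BaseBan     = 10 * time.Minute // first ban; doubles on every repeat
	maxDoubling = 20               // assumption: cap so BaseBan<<n cannot overflow
)

// Action is what the websocket reader should do with an incoming EVENT.
type Action int

const (
	Accept             Action = iota // authed: process the event normally
	RejectAuthRequired               // reply ["OK", id, false, "auth-required: ..."]
	DropConnection                   // close the socket without replying
)

type entry struct {
	strikes     int // unauthenticated EVENTs since the last ban
	bans        int // bans issued so far; drives the doubling
	bannedUntil time.Time
}

// Banlist is shared by all connection goroutines, hence the mutex.
type Banlist struct {
	mu      sync.Mutex
	entries map[string]*entry
	now     func() time.Time // injectable clock; pass time.Now in production
}

func NewBanlist(now func() time.Time) *Banlist {
	return &Banlist{entries: map[string]*entry{}, now: now}
}

// BanDuration is the length of the next ban after priorBans earlier ones:
// 10m, 20m, 40m, 80m, ... up to the cap.
func BanDuration(priorBans int) time.Duration {
	if priorBans > maxDoubling {
		priorBans = maxDoubling
	}
	return BaseBan << uint(priorBans)
}

// Banned reports whether ip may not publish right now, and for how much longer.
func (b *Banlist) Banned(ip string) (bool, time.Duration) {
	b.mu.Lock()
	defer b.mu.Unlock()
	if e, ok := b.entries[ip]; ok {
		if left := e.bannedUntil.Sub(b.now()); left > 0 {
			return true, left
		}
	}
	return false, 0
}

// OnEvent runs for every EVENT frame before the event is decoded or its
// signature verified. authed says whether this connection completed NIP-42 AUTH.
func (b *Banlist) OnEvent(ip string, authed bool) Action {
	if banned, _ := b.Banned(ip); banned {
		return DropConnection // banned: no parsing, no reply, just close
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	e, ok := b.entries[ip]
	if !ok {
		e = &entry{}
		b.entries[ip] = e
	}
	if authed {
		e.strikes = 0 // assumption: a successful AUTH clears pending strikes
		return Accept
	}
	e.strikes++
	if e.strikes < StrikeLimit {
		return RejectAuthRequired
	}
	// Third strike in a row: ban for BaseBan * 2^bans and start counting again.
	e.bannedUntil = b.now().Add(BanDuration(e.bans))
	e.bans++
	e.strikes = 0
	return DropConnection
}

func main() {
	now := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC)
	bl := NewBanlist(func() time.Time { return now })
	ip := "203.0.113.7" // constructed: a blaster that ignores auth-required
	for i := 1; i <= 4; i++ {
		fmt.Printf("attempt %d -> action %d\n", i, bl.OnEvent(ip, false))
	}
	_, left := bl.Banned(ip)
	fmt.Println("banned for", left, "; the next ban would be", BanDuration(1))
}
```

Because the check happens before the event is parsed, a banned blaster costs the relay one map lookup and a socket close rather than a decode, a signature verification and an OK reply per event. The `bans` counter is never reset here, so the schedule only ever climbs; a sweep that forgets entries whose ban lapsed long ago would be the place to add forgiveness if wanted.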

Are you blocking IPs or npubs?

IPs that keep sending events (3x in a row) without auth after having responses three times saying auth is required.

Oh ok, I think npub blocking is better, but maybe it's too far up the stack.

well, if you saw the logs of your relay constantly telling you some dumbass keeps on trying to publish events, gets ok,false,"auth-required:" and ignores it and publishes another, and another, and another, all from the same IP, you'd get it.

my relay is decoding that stupid event, verifying its signature, and then telling the client it has to auth. so, it does it 3 times, that client is being ignored for 10 minutes. it's not going to be humans doing this, it's publishing other people's events at a rate of like 2-3 per second.

think about the load that's putting on my relay when i'm following the protocol and telling them to auth first and the client is just blasting at me.

whoever built the blaster thing that's doing it needs to be slapped upside the head.

also, i'm rejecting this idea you can control spam with just no auth and ... what do you propose is going to be the method of deciding? whitelist? ah but muh onburding. blacklist? ever wanted to play whack a mole without a prize?

also, i already have npub blocking, but blacklisting is an extremely poor security measure when there are literally like 2^250 npubs that can exist. it's like infinite whack-a-mole and no prize.