and yes, i am working on other resource exhaustion attack mitigations, i have just found one relating to queries that just query on kind and time limits, as used by spiders

these cost so much iops and processing time and memory that i'm having to put my foot down about this

i dunno if i can even cap this properly

Discussion

i'm making a new rule that queries that have no criteria at all but time limits are ignored

these assclowns running spiders constantly trying to pull the whole damn event store from the relay are not getting service, what the fuck...

oh well, this is relay policy, i'm just making this publicly readable because we need that for publication purposes and generally seems like a reasonable thing, but queries that overburden the relay's resources are not ok

i think if the user is authed, and whitelisted then ok, otherwise no, but even then, i may have to make further mitigations, but for now simply blocking these vague queries is fixing the problem
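The rule described in the notes above, sketched as an added example (not the relay's own code and not written by the poster). The filter keys are the NIP-01 names; `is_vague`, `admit_req` and the `strict_kinds` switch (which also refuses the kind-plus-time queries mentioned in the first note) are hypothetical names, and treating `limit` and empty lists as non-criteria is an assumption of this sketch.

```python
import json

# NIP-01 keys that only bound a query; counting "limit" here is an assumption.
BOUNDS_ONLY = {"since", "until", "limit"}

# Constructed sample REQ messages (not captured traffic).
SAMPLES = [
    '["REQ","s1",{"since":1700000000,"until":1700003600,"limit":500}]',
    '["REQ","s2",{"kinds":[1],"since":1700000000}]',
    '["REQ","s3",{"authors":["<pubkey-placeholder>"],"kinds":[1]}]',
]


def is_vague(flt, kinds_count_as_criteria=True):
    """True if the filter carries no selective criterion, only time bounds."""
    for key, value in flt.items():
        if key in BOUNDS_ONLY:
            continue
        if key == "kinds" and not kinds_count_as_criteria:
            continue
        # An empty list narrows nothing; treated as no criterion (assumption).
        if isinstance(value, list) and not value:
            continue
        return False
    return True


def admit_req(raw_message, authed=False, whitelisted=False, strict_kinds=False):
    """Decide whether to serve a REQ message; returns (allowed, reason)."""
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return False, "invalid: not JSON"
    if not isinstance(msg, list) or len(msg) < 3 or msg[0] != "REQ":
        return False, "invalid: not a REQ with at least one filter"
    filters = msg[2:]
    if not all(isinstance(f, dict) for f in filters):
        return False, "invalid: filter is not an object"
    # Authenticated and whitelisted users are exempt from the vague-query rule.
    if authed and whitelisted:
        return True, "ok: whitelisted user"
    # One vague filter is enough to turn the subscription into a store scan.
    if any(is_vague(f, not strict_kinds) for f in filters):
        return False, "blocked: filter has no criteria besides time limits"
    return True, "ok"


if __name__ == "__main__":
    print([admit_req(s) for s in SAMPLES])
```
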

bounce

humbug... i really do have to remove the access counter code at this point, sigh