Setting up a server - what to do against flooding?


Post by wursttee »

I am experimenting with a server setup and I'm asking myself if it is really a good idea to rely solely on requiring registering users to enter an email address, because this alone can create a situation of resource exhaustion, a.k.a. a DoS attack. On the clearweb you would check the IP to avoid mass registration or credential stuffing; what would you do in I2P?

PS. It seems I have accidentally triggered a DDoS attack on http://tracker2.postman.i2p.
I removed the problematic material immediately, but I guess this incident shows how much you need DoS attack defence in this environment.

Re: Setting up a server - what to do against flooding?

Post by cumlord »

some ideas - captcha, have index lead to the interactive part of site, rate limiting, autoban b32's that do things you don't want (too many gets, try to go to /admin etc). Incorporating irc bots as a registration tool can be a way too, that's something i've been trying out.

i2p+ is helpful for that. give it a list of places you don't want people to go and set limits there, gives you a .txt file of b32's that do that thing, can set up the tunnel to read from that file to get a blocklist. that way blocklisted b32's are dropped at the router level and they don't touch the server.
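
Added example, not part of the post above and not I2P or I2P+ code: a sketch of the rate-limit and auto-ban idea, done in the site's own log processing and producing a plain list of b32 addresses. It assumes the web server logs the X-I2P-DestB32 header that the I2P HTTP server tunnel attaches to each request; the log format, thresholds, addresses and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log, one request per line: "epoch_seconds b32 method path".
# Assumption: the second field is the X-I2P-DestB32 header value logged by the
# web server. The addresses are made up and shorter than real b32 addresses.
SAMPLE_LOG = """\
1000 fastfast.b32.i2p GET /index
1001 fastfast.b32.i2p GET /register
1002 fastfast.b32.i2p GET /register
1003 fastfast.b32.i2p GET /register
1000 slowslow.b32.i2p GET /index
1030 slowslow.b32.i2p GET /register
1005 probeprobe.b32.i2p GET /admin/login
"""

FORBIDDEN_PREFIXES = ("/admin",)  # paths no ordinary visitor should request
MAX_REQUESTS = 3                  # requests allowed per destination ...
WINDOW_SECONDS = 10               # ... inside this sliding window


def find_offenders(log_text, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
    """Return {b32: reason} for destinations that should be blocklisted."""
    recent = defaultdict(deque)   # b32 -> request timestamps still in the window
    offenders = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, b32, path = int(parts[0]), parts[1].lower(), parts[3]
        if b32 in offenders:
            continue              # already flagged, nothing more to count
        if path.startswith(FORBIDDEN_PREFIXES):
            offenders[b32] = "forbidden path " + path
            continue
        q = recent[b32]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop requests that fell out of the window
        if len(q) > max_requests:
            offenders[b32] = f"{len(q)} requests in {window}s"
    return offenders


def render_blocklist(offenders):
    """One b32 per line, sorted, ready to be written to a .txt blocklist."""
    return "".join(b32 + "\n" for b32 in sorted(offenders))


if __name__ == "__main__":
    print(render_blocklist(find_offenders(SAMPLE_LOG)), end="")
```

The thresholds here are deliberately tight so the sample triggers; a human clicking quickly through pages would need a more generous window.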

Re: Setting up a server - what to do against flooding?

Post by lgillis »

Postman blocks me as soon as I click on new pages too quickly with the mouse in my hand, serially and not in parallel. What your accidental attack should have looked like is a mystery to me.

Captcha: Honest users should pay for the incompetence of the site administration. Not with me. If you want to run a server for users, you should also prioritize the needs of your community.

Java-I2P+ is Java-I2P with different colors and a few off-the-wall settings (settings that anyone can make themselves). The above defense mechanism has been built into Java-I2P for years.

Just my 2 cents ;-)

What kind of server do you have in mind?

Re: Setting up a server - what to do against flooding?

Post by cumlord »

http://zzzmirror.i2p/topics/3445-multi- ... be-careful

as far as i know there's a wider feature set in that area in i2p+ although it's been a while since i've used cannon. i2p+ is bleeding edge, cannon is more stable, as i see it

looking at what happened at terminus.i2p, looks like they were able to get rid of their captcha by putting the real site behind the index like postman does

Re: Setting up a server - what to do against flooding?

Post by lgillis »

Since there were no further questions on the subject, the matter is considered closed. »Wish is fulfilled«, as Postman would say. Please open a new thread for similar questions.