#318 Rate limiting to prevent accidental/intentional denial-of-service

Reporter google@dbb.io
Owner MattJ
Created
Updated
Stars ★ (1)
Tags
  • Type-Enhancement
  • Status-Fixed
  1. google@dbb.io on

    I encountered a nasty bug in Trillian: http://beta:beta@bugs.ceruleanstudios.com/show_bug.cgi?id=13533 (user/pass: beta/beta) that caused me to DoS my own server by flooding it with <presence /> stanzas. What's worse is that they would be sent to other servers of users on my roster, potentially harming other servers in the process. To Prosody's credit, it didn't go down or even use that much memory; it just happily kept processing all the <presence />s while consuming 100% CPU. Therefore, it would be nice if Prosody would detect excessive communication from a client, kill the connection, and prohibit further connections for some period of time. Of course, ideally, all the specifics would be configurable policy.

  2. MattJ on

    Hello friend! We have a plugin for exactly what you describe, available in prosody-modules: https://code.google.com/p/prosody-modules/wiki/mod_limits It still needs more testing before it can be bundled with Prosody itself (something I'd like to do in the release after the upcoming one), but a bunch of servers are now running it successfully. Give it a try and let us know how it goes :)

    Changes
    • tags Type-Enhancement Status-Fixed
    • owner MattJ
  3. google@dbb.io on

    Excellent, I'll give it a shot.
