waifu/kemoverse
waifu/kemoverse
3
2
Fork 3
Code Issues 11 Pull requests 2 Projects 1 Releases Packages Wiki Activity

Rate limit registrations per instance #43

New issue
Open
opened 2025-06-01 17:35:49 -07:00 by waifu · 0 comments
waifu commented 2025-06-01 17:35:49 -07:00
Owner
Copy link

Currently, users can register new accounts via the signup command without restriction. This opens the door to potential abuse, especially from malicious actors or scripts repeatedly creating accounts on an open instance to bypass cooldowns or spam the bot (rolling cards over and over and transfering them over to other accounts).
To reduce abuse, a rate limit on registrations per instance implementation would suffice.

Proposed behaviour:

  • Applying a configurable limit to the signups
  • Return a friendly message when rate-limited:
    • (mention) 🛑 Signup rate exceeded for your instance. Please wait before trying again.

Implementation:

  • During signup command use a helper function before insert_player()
    • is_registration_rate_limited(domain: str) -> bool
Currently, users can register new accounts via the signup command without restriction. This opens the door to potential abuse, especially from malicious actors or scripts repeatedly creating accounts on an open instance to bypass cooldowns or spam the bot (rolling cards over and over and transfering them over to other accounts). To reduce abuse, a rate limit on registrations per instance implementation would suffice. Proposed behaviour: - Applying a configurable limit to the signups - Return a friendly message when rate-limited: - (mention) 🛑 Signup rate exceeded for your instance. Please wait before trying again. Implementation: - During signup command use a helper function before insert_player() - is_registration_rate_limited(domain: str) -> bool
👍 1
waifu added the
Feature
Refactoring
 labels 2025-06-01 17:35:49 -07:00
waifu added this to the v2.0 project 2025-06-01 17:35:49 -07:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
stats_system
website
pleroma-support
any-env-and-bind-address
misc-bugfixes
docs
card-creator
18_reduce_tuples
fix_username_case_sensitivity
No results found.
Labels
Clear labels   
Bug

Something's Not Working Right

  
Feature

New Functionality For The Bot

  
Feedback Wanted

Looking for Feedback

  
Refactoring

Codebase Changes

  
Won't Do

Nah Mate.

No labels
Bug
Feature
Feedback Wanted
Refactoring
Won't Do
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
v2.0
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: waifu/kemoverse#43
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?