jhurliman/node-rate-limiter

This script is still vulnerable to while loop spams ~

Opened this issue · 1 comments

```javascript
// Reporter's reproduction loop, quoted as posted: sends 125 messages in one synchronous burst
i=0;while (i < 125){ cb.socket.send('JOIN b4b3872292a3cf3905c14d4722ad25193f00f41c 2 {NS US-01}'); i++; }
```

Something as simple as this goes so fast, it bypasses the rate limiter even when set at no more than 2 requests per second.

I recommend using Date.now() and checking it against their last session request and closing the connection, and using this limiter script as well. Use both, but don't rely just on this script for protection.

I suspect that there is a bug somewhere in your code if it appears the rate limiter is being 'bypassed' (either removing too many tokens from the bucket causing the balance to go negative, or the success callback being fired without any/enough tokens being removed). If you can provide a standalone code example showing this issue I'm happy to investigate, otherwise I'll leave this issue closed as "cannot reproduce".