16
[PSA] Admins: Watch for the antiyanks troll and consider adjusting your rate limits (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by admiralpatrick@lemmy.world to c/fediverse@lemmy.world
25 comments fedilink hide all child comments

"Antiyanks" is back at it again and has switched tactics to spamming a massive number of comments in a short period of time. In addition to being annoying (and sad and pathetic), it's having a deleterious effect on performance and drowns out any discussions happening in those posts. That spam also federates as well as the eventual removals, so it's not limited to just the posts being targeted.

Looking at the site config for the home instance of the latest ~~two~~ three alts, the rate limits were all 99999999. 🤦‍♂️

Rate limits are a bit confusing, but they mean: X number of requests per Y seconds per IP address.

The comment API endpoint has its own, dedicated bucket. I don't recall the defaults, but they're probably higher than you need unless you're catering to VPN users who would share an IP.

Assuming your server config is correctly passing the client IP via the XFF header, 20 calls to the /create_comment endpoint per minute (60 seconds) per client IP should be sufficient for most cases, though feel free to adjust to your specific requirements.

Edit: A couple of instances accidentally set the "Messages" bucket too low. That bucket is a bit of a catch-all for API endpoints that don't fit a more specific bucket. You'll want to leave that one relatively high compared to the rest. It's named "Messages" but it covers far more than just DMs.

you are viewing a single comment's thread
view the rest of the comments
[-] Sal@mander.xyz 4 points 3 months ago

Thanks for the heads up. I don't know what 'Antiyanks' is, but I already had to ban one comment spammer.

The rate limits are indeed a bit confusing. The settings are:

Rate Limit: X Per Second: Y

I understand this to be 'X for every Y seconds'

So, a 'Comments' Rate limit: 10, Per second: 60, means a maximum of 10 comments per minute, correct?

Maybe the reason you see 99999999 is due to troubleshooting. I have increased my instance's limits multiple times while troubleshooting server issues, because the meaning of the settings was not clear to me. These limits are usually not the reason for the sever issue, but I put some high number and did not bring them back down after the issues were resolved.

I have lowered them now to more reasonable numbers. I will also be more strict with new applications for the time being.

[-] Sal@mander.xyz 3 points 3 months ago* (last edited 3 months ago)

Hmmm - after changing these settings to what I think are reasonable settings, the server crashed and I am now getting 'Too many requests' messages.... So, perhaps there is something not working so well with these rate limits, or I am still misunderstanding their meaning.

load more comments (9 replies)
this post was submitted on 22 Aug 2025
16 points (90.0% liked)

Fediverse

38326 readers
23 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago
MODERATORS
ruud@lemmy.world
TragicNotCute@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world