
I'm working on a simple general ratelimiter to deploy across many features in Gosora to curb the amount of abuse that Gosora might receive.
I'm trying to keep it fairly loose for regular users unlike certain naive systems in MyBB, etc. (even Reddit to some extent) which punish legitimate users for using the software too heavily or in certain ways, but I'd also like to restrict any machines which do manage to get through.
For other rate limiter related things~
I've made the rate limiting rules for password resets a little stricter, although I did this by making it stricter over larger time intervals (e.g. one email per hour, three per six hours, etc), so I'm hoping it won't be too stringent on users using the form a few times to resend an email which didn't arrive.
I'm trying to keep it fairly loose for regular users unlike certain naive systems in MyBB, etc. (even Reddit to some extent) which punish legitimate users for using the software too heavily or in certain ways, but I'd also like to restrict any machines which do manage to get through.
For other rate limiter related things~
I've made the rate limiting rules for password resets a little stricter, although I did this by making it stricter over larger time intervals (e.g. one email per hour, three per six hours, etc), so I'm hoping it won't be too stringent on users using the form a few times to resend an email which didn't arrive.