[Suggestion] Implement rate-limiting/anti-abuse

Considering the open nature of the XMPP network and regular issues with abuse, I would like to see some form of rate-limiting/anti-abuse implementation for clients connected to OF.

Suggestions:

  • Configurable rates to check on (messages/minute or messages/second)
  • Potentially checking for large numbers of identical messages received
  • If rates are exceeded, the option to drop messages (silently or with a message to the client)
  • If rates are exceeded, automatic disabling of accounts (for severe cases, separate rate limits or repeat offenders?)
  • Adding more client session info in the admin interface, e.g. the client user-agent, to be able to spot bots quickly

I'm not sure if this would be better implemented in the core or as a plugin, but it seems to me essential enough to consider it for the core.

1 Like
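One way the suggested checks could fit together, as an added example that is neither Openfire code nor part of the original post: a per-sender sliding window with a duplicate-body check and escalation from dropping to disabling. The class and function names, the thresholds, and the per-sender reading of "identical messages" are assumptions.

```python
import hashlib
from collections import defaultdict, deque
from dataclasses import dataclass

ALLOW, DROP, DISABLE = "allow", "drop", "disable"

@dataclass(frozen=True)
class Limits:                       # hypothetical thresholds, not recommendations
    max_messages: int = 20          # messages accepted per sender per window
    max_identical: int = 5          # identical bodies accepted per sender per window
    window_seconds: float = 60.0
    strikes_to_disable: int = 10    # drops within strike_seconds before disabling
    strike_seconds: float = 3600.0

def _expire(q, now, horizon):
    """Remove entries whose timestamp is at least `horizon` seconds old."""
    while q and now - q[0][0] >= horizon:
        q.popleft()

class AbuseLimiter:
    def __init__(self, limits=Limits()):
        self.limits = limits
        self.accepted = defaultdict(deque)  # sender -> (timestamp, body digest)
        self.strikes = defaultdict(deque)   # sender -> (timestamp,) per dropped message
        self.disabled = set()

    def check(self, sender, body, now):
        """Return ALLOW, DROP or DISABLE for one message sent at `now` (seconds)."""
        if sender in self.disabled:
            return DISABLE
        lim = self.limits
        window, strikes = self.accepted[sender], self.strikes[sender]
        _expire(window, now, lim.window_seconds)
        _expire(strikes, now, lim.strike_seconds)
        # Keep a digest of the normalised body so message text is not retained.
        normalised = " ".join(body.split()).casefold()
        digest = hashlib.sha256(normalised.encode()).digest()
        identical = sum(1 for _, d in window if d == digest)
        if len(window) < lim.max_messages and identical < lim.max_identical:
            window.append((now, digest))
            return ALLOW
        # Over a limit: record a strike; repeat offenders get disabled.
        strikes.append((now,))
        if len(strikes) >= lim.strikes_to_disable:
            self.disabled.add(sender)
            del self.accepted[sender], self.strikes[sender]
            return DISABLE
        return DROP
```

Only accepted messages are stored, so per-sender state stays bounded by `max_messages` and `strikes_to_disable` even while a client is flooding.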