#119 tor users blocked

Open
opened 2 months ago by themusicgod1 · 12 comments

getting reports that tor users are no longer allowed to register. What gives?

getting reports that tor users are no longer allowed to register. What gives?
pcsv commented 2 months ago
Please see and join the discussion on https://mastodon.technology/@codeberg/103480576712180186 and https://mastodon.technology/@codeberg/103486719874749650
hw commented 2 months ago
Owner

Due to the ongoing spam flood attacks via Tor described in the threads mentioned above we have disallowed disposable email providers.

Tor exit nodes are still allowed but unless we find a way to stop these attackers we see currently little choice for the next steps but to block these exit nodes for API or possibly even for all access attempts.

Maybe you have a more elegant idea that is implementable short-term?

Due to the ongoing spam flood attacks via Tor described in the threads mentioned above we have disallowed disposable email providers. Tor exit nodes are still allowed but unless we find a way to stop these attackers we see currently little choice for the next steps but to block these exit nodes for API or possibly even for all access attempts. Maybe you have a more elegant idea that is implementable short-term?
hugot commented 2 months ago

Hi, I made a thing that could help solve this issue: https://codeberg.org/hugot/gitea-api-protector

Also posted on the fediverse at https://amsterdon.nl/@hugot/103490154227247581

Hi, I made a thing that could help solve this issue: https://codeberg.org/hugot/gitea-api-protector Also posted on the fediverse at https://amsterdon.nl/@hugot/103490154227247581
6543 commented 2 months ago
to: <https://mastodon.technology/@codeberg/103480576712180186> Gitea Issues: * [Rate-limit comments/issues opens #9785](https://github.com/go-gitea/gitea/issues/9785) * [[Feature] API Rate Limiting #9559](https://github.com/go-gitea/gitea/issues/9559) * [[Feature] [Extend] API Rate Limiting by User Creation Age #9847](https://github.com/go-gitea/gitea/issues/9847)
hw commented 2 months ago
Owner

@hugot wrote:

Hi, I made a thing that could help solve this issue: https://codeberg.org/hugot/gitea-api-protector

Also posted on the fediverse at https://amsterdon.nl/@hugot/103490154227247581

cool! We will deploy on codeberg-test and have a closer look next days! (currently very busy due to annual member assembly preparations)

Do you think it is worth joining your ideas with the issues listed above to synchronize all changes upstream?

@hugot wrote: > Hi, I made a thing that could help solve this issue: https://codeberg.org/hugot/gitea-api-protector > > Also posted on the fediverse at https://amsterdon.nl/@hugot/103490154227247581 cool! We will deploy on codeberg-test and have a closer look next days! (currently very busy due to annual member assembly preparations) Do you think it is worth joining your ideas with the issues listed above to synchronize all changes upstream?
hw commented 2 months ago
Owner

@6543 wrote:

to: https://mastodon.technology/@codeberg/103480576712180186

Gitea Issues:

Rate-limit comments/issues opens #9785 [Feature] API Rate Limiting #9559 [Feature] [Extend] API Rate Limiting by User Creation Age #9847

Great, thank you! This seems all moving into the right direction.

@6543 wrote: > to: https://mastodon.technology/@codeberg/103480576712180186 > > Gitea Issues: > > Rate-limit comments/issues opens #9785 > [Feature] API Rate Limiting #9559 > [Feature] [Extend] API Rate Limiting by User Creation Age #9847 > Great, thank you! This seems all moving into the right direction.
themusicgod1 commented 2 months ago
Poster

all those are 404s

all those are 404s
pcsv commented 2 months ago

Seems the issue formatter makes issue links local when quoting. In the original comment by @6543 links point to proper remote issue.

Seems the issue formatter makes issue links local when quoting. In the original comment by @6543 links point to proper remote issue.
hugot commented 2 months ago

@hw:

Do you think it is worth joining your ideas with the issues listed above to synchronize all changes upstream?

I think there's some great ideas mentioned in those issues. I like the idea of having a more sophisticated reputation system in particular. How about implementing that in a separate program while it's not in gitea yet?

To keep things simple, I could add a new HTTP endpoint to the api-protector to add verified users without a pull request.

It shouldn't be too hard to write a program that periodically calls the gitea API to calculate user reputations using values like amounts of stars received etc. That program could then use the new endpoint in the api-protector to automatically make users verified, without them needing to create a pull request first.

Curious to hear what you think of this solution!

@hw: > Do you think it is worth joining your ideas with the issues listed above to synchronize all changes upstream? I think there's some great ideas mentioned in those issues. I like the idea of having a more sophisticated reputation system in particular. How about implementing that in a separate program while it's not in gitea yet? To keep things simple, I could add a new HTTP endpoint to the api-protector to add verified users without a pull request. It shouldn't be too hard to write a program that periodically calls the gitea API to calculate user reputations using values like amounts of stars received etc. That program could then use the new endpoint in the api-protector to automatically make users verified, without them needing to create a pull request first. Curious to hear what you think of this solution!
hw commented 2 months ago
Owner

Long-term it feels that the feature would be beneficial to all users, so incorporating it in Gitea itself seems more future-proof? Aside from an active long-term maintainer community all information is also accessible locally there.

If you like, we could set up a simple playground with a local fork (for example from https://codeberg.org/Codeberg/gitea or embedded in https://codeberg.org/Codeberg/build-deploy-gitea), that then deploys to https://codeberg-test.org for testing.

Long-term it feels that the feature would be beneficial to all users, so incorporating it in Gitea itself seems more future-proof? Aside from an active long-term maintainer community all information is also accessible locally there. If you like, we could set up a simple playground with a local fork (for example from https://codeberg.org/Codeberg/gitea or embedded in https://codeberg.org/Codeberg/build-deploy-gitea), that then deploys to https://codeberg-test.org for testing.
hugot commented 2 months ago

I don't think I'm the right person for that at this time. I have other projects that I want to work on and I can't fit in a big commitment like that atm.

I mainly created the api-protector and proposed the separate program because both are feasible to implement short-term.

Another pro is that this approach makes it trivial for people to experiment with custom reputuation systems written in whatever language they want.

The outcome of such experiments might help with the implementation of a robust reputation system in gitea when that time comes as well.

I don't think I'm the right person for that at this time. I have other projects that I want to work on and I can't fit in a big commitment like that atm. I mainly created the api-protector and proposed the separate program because both are feasible to implement short-term. Another pro is that this approach makes it trivial for people to experiment with custom reputuation systems written in whatever language they want. The outcome of such experiments might help with the implementation of a robust reputation system in gitea when that time comes as well.
hw commented 2 months ago
Owner

Thank you! A great idea in any case.

Thank you! A great idea in any case.
Sign in to join this conversation.
No Milestone
No Assignees
5 Participants
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Cancel
Save
There is no content yet.