Spam #91
Comments
|
Thank you for the heads up. I'm trying to clean up. |
|
I believe I've cleaned up most of it. The service is up again. |
|
I'll close it tomorrow if I can't find any more entries like that. |
|
It happened again. I took down the page while I find time to clean up and add a check to somehow alleviate it. Today I believe I won't have time to do it. |
What is this exploit exactly and how are you going to patch it? Is there going to be an ETA on when the site is going to be back up? |
|
so the exploit works by just spamming shader upload form (POST https://glslsandbox.com/e). |
good idea but is there any downsides to this? |
i dont think so? you can read more about turnstile here: https://www.cloudflare.com/products/turnstile/ |
|
It's strange that your user appears in the payload in some of the spammy effects: |
|
@Memexurer I would use captcha just as last resort. This adds friction to users and I prefer to find other ways before resorting to that. Immediate things I plan to do:
The big problem is letting the clients create new effects without rate limit. This let the spammer generate 250k effects very fast. I'm planning as first step adding a rate limit per client and give error if it is sending too many effects in a short time. I also plan to do the same when the payload is equal or similar but this will be done afterwards. @mrdoob what do you think? |
Very strange indeed... |
|
@jfontan considering the nature of the site, maybe we could add Github Oauth? |
I'll take a look at how this can be implemented. |
|
The underlying idea being that if we save the user for each effect, we could potentially report the spammy users to Github so they get banned 馃 |
People suck! You try to do something nice and someone always and without fail shits all over you 馃槩
The text was updated successfully, but these errors were encountered: