Welcome to Atheist Discussion, a new community created by former members of The Thinking Atheist forum.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Change search restriction time to 10 seconds
#1
Information 
Change search restriction time to 10 seconds
[Image: ZsBSzG2.png]

This is really annoying. The forum is set to one search per 30 seconds per user. This is to prevent server overload, however that value is way too high and leads to the common experience of having to wait 20 seconds or so before you can do your search. Please change the time in the MyBB settings to 10 seconds. This will still prevent excessive search requests while improving the experience for all forum members.

As you can see above, to take that screenshot I did two searches as quickly as I could in one tab. So with 10 second limit you would barely ever experience the wait page under normal conditions. I'd even suggest we could go as low as 5 seconds, but I'd be happy with any value up to 10 seconds. 8 seconds might be a good value. @Mathilda you can check the server logs before and after the change to ensure that this doesn't lead to an unacceptable increase in server load. However I might point out you can actually disable search for users that are not logged in if server load is a concern. The setting is called Search Flood Time, you find it under config>settings>search system.

Thanks!
The following 1 user Likes Aractus's post:
  • Minimalist
Reply
#2

Change search restriction time to 10 seconds
Seriously?  Surely an extra 20 seconds of your life isn't the end of the world as you know it?

I'm more than happy to wait 30 seconds  between searches.  And if this
really "annoys" you, then I suggest you take a chill pill mate!       Dodgy
I'm a creationist;   I believe that man created God.
The following 1 user Likes SYZ's post:
  • TheGentlemanBastard
Reply
#3

Change search restriction time to 10 seconds
30 seconds? Not long if you're rowing a boat from San Francisco to Hawaii. A bit longer if you're on fire.
  [Image: pirates.gif] Dog  
Reply
#4

Change search restriction time to 10 seconds
I'm with Danny on this one.  It's annoying.
Robert G. Ingersoll : “No man with a sense of humor ever founded a religion.”
The following 2 users Like Minimalist's post:
  • Gawdzilla Sama, Aractus
Reply
#5

Change search restriction time to 10 seconds
Insert dittoness here.
  [Image: pirates.gif] Dog  
Reply
#6

Change search restriction time to 10 seconds
It would be different if they were getting flooded, we don't know what's happening on the back side.
Reply
#7

Change search restriction time to 10 seconds
I want a plug-in that reads my mind and delivers my desiderata before I even realize I want it. <snaps fingers>
The following 1 user Likes Thumpalumpacus's post:
  • TheGentlemanBastard
Reply
#8

Change search restriction time to 10 seconds
This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
[Image: color%5D%5Bcolor=#333333%5D%5Bsize=small%5D%5Bfont=T...ans-Serif%5D]
The following 4 users Like Dom's post:
  • skyking, Thumpalumpacus, Mathilda, SYZ
Reply
#9

Change search restriction time to 10 seconds
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.

[Image: signature%20The-Ascension-of-Iweko.jpg]
Reply
#10

Change search restriction time to 10 seconds
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.

The first thing that came to mind ... it could make dos attacks much easier.
Maybe that not at all how they work, but it could be a consideration.
The following 1 user Likes Bucky Ball's post:
  • Mathilda
Reply
#11

Change search restriction time to 10 seconds
Maybe construct appropriate search terms in the first place?

Just a thought.
The following 2 users Like Thumpalumpacus's post:
  • TheGentlemanBastard, SYZ
Reply
#12

Change search restriction time to 10 seconds
Oddly, for the first time in what seems like weeks I am running into that "can't connect to server error."
Robert G. Ingersoll : “No man with a sense of humor ever founded a religion.”
Reply
#13

Change search restriction time to 10 seconds
[Image: 51WA2dZmYUL._SS500_SS500_.jpg]
Being told you're delusional does not necessarily mean you're mental. 
Reply
#14

Change search restriction time to 10 seconds
(01-22-2020, 09:47 PM)Thumpalumpacus Wrote: Maybe construct appropriate search terms in the first place?

Just a thought.

That's not the issue. The issue is that if you use any of the search functions as your bookmark like View Today's Posts or View New Posts, then that counts as a search as far as the server is concerned and you can't do a search for 30 seconds.

(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.

It shouldn't make any substantial difference to a DDOS attack (which by nature is distributed), and the best option to prevent DDOS attacks from taking the server offline is to get hosting in a DDOS protected network.
Reply
#15

Change search restriction time to 10 seconds
I've used "search" a few times but rarely...is this something that people need often?
Reply
#16

Change search restriction time to 10 seconds
(01-23-2020, 12:22 AM)Aractus Wrote:
(01-22-2020, 09:47 PM)Thumpalumpacus Wrote: Maybe construct appropriate search terms in the first place?

Just a thought.

That's not the issue. The issue is that if you use any of the search functions as your bookmark like View Today's Posts or View New Posts, then that counts as a search as far as the server is concerned and you can't do a search for 30 seconds.

You have my sympathies. I can't comprehend how you get on with such a difficulty.

Maybe you should bookmark "today's posts" instead? I do that. If gives me a non-result, and then I (gasp!) have to move the mouse and click on "today's posts" again. I can't really tell you how I survive such an indignity.

Maybe you should bookmark your notifications so that you'll see immediately when people reply? Not sure that can work, and don't care enough to beta test it for you.

Or maybe you should grow perhaps twenty-seconds' more patience.
The following 1 user Likes Thumpalumpacus's post:
  • SYZ
Reply
#17

Change search restriction time to 10 seconds
Or maybe we can just change the default value for "Search Flood Time" which hasn't changed in almost 20 years, to something more appropriate?

(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.

Also as I did mention in my previous post you can just disable search for guests entirely removing any possibility that search can be exploited by DDOS.
Reply
#18

Change search restriction time to 10 seconds
(01-23-2020, 12:43 AM)Aractus Wrote: Or maybe we can just change the default value for "Search Flood Time" which hasn't changed in almost 20 years, to something more appropriate?

You should probably make a study of patience. You'll benefit in many different ways.
The following 1 user Likes Thumpalumpacus's post:
  • SYZ
Reply
#19

Change search restriction time to 10 seconds
I'm not going to engage with your petty insults.

The default value, 30 seconds, hasn't changed since 2002. When I'm sure you remember that it took a lot longer than 30 seconds to download and load an average forum page.

I'm not asking because _I_ find it a minor inconvenience, but because it will improve the experience for everyone. If DDOS is a concern you can just disable guest search as I've previously mentioned, I'd be happy with that as it's the member experience I care about more than the guest/lurker experience.
Reply
#20

Change search restriction time to 10 seconds
(01-23-2020, 08:26 AM)Aractus Wrote: ...I'm not asking because I find it a minor inconvenience, but because it will improve the experience for everyone.

Please don't tell me what's allegedly an "improvement" for me.  You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.       Dodgy
I'm a creationist;   I believe that man created God.
The following 1 user Likes SYZ's post:
  • TheGentlemanBastard
Reply
#21

Change search restriction time to 10 seconds
(01-23-2020, 09:21 AM)SYZ Wrote: Please don't tell me what's allegedly an "improvement" for me.  You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.       Dodgy

Sure for people that never use search it makes no difference, but when I say "everyone" I mean members who use it regularly. Everyone else like yourself it's a potential improvement to your experience.

I honestly have no idea why you'd be against this BTW? All I'm asking is to lower a default value dreamt up in 2002 that has never changed to something more appropriate. There is literally no downside. I'm not asking to set it to 0 (which is the value for admins I might add so @Mathilda never experiences it for herself unless logged out), just to lower it to a more sensible value. A value chosen in 2002 is not necessarily sensible today!!
Reply
#22

Change search restriction time to 10 seconds
(01-23-2020, 10:13 AM)Aractus Wrote:
(01-23-2020, 09:21 AM)SYZ Wrote: Please don't tell me what's allegedly an "improvement" for me.  You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.       Dodgy

Sure for people that never use search it makes no difference, but when I say "everyone" I mean members who use it regularly. Everyone else like yourself it's a potential improvement to your experience.

I honestly have no idea why you'd be against this BTW? All I'm asking is to lower a default value dreamt up in 2002 that has never changed to something more appropriate. There is literally no downside. I'm not asking to set it to 0 (which is the value for admins I might add so @Mathilda never experiences it for herself unless logged out), just to lower it to a more sensible value. A value chosen in 2002 is not necessarily sensible today!!

There is no point in invoking Mathilda more than once in a thread. She has read it and agreed to my post above. That means she has made a note of it, and maybe next time Aliza tinkers with the software and Mathilda tinkers with the server they will give it some thought. It's not really important. Sorry to be using up some seconds of your life in the meantime.
[Image: color%5D%5Bcolor=#333333%5D%5Bsize=small%5D%5Bfont=T...ans-Serif%5D]
The following 3 users Like Dom's post:
  • Mathilda, SYZ, Thumpalumpacus
Reply
#23

Change search restriction time to 10 seconds
(01-23-2020, 08:26 AM)Aractus Wrote: I'm not going to engage with your petty insults.

The default value, 30 seconds, hasn't changed since 2002. When I'm sure you remember that it took a lot longer than 30 seconds to download and load an average forum page.

I'm not asking because _I_ find it a minor inconvenience, but because it will improve the experience for everyone. If DDOS is a concern you can just disable guest search as I've previously mentioned, I'd be happy with that as it's the member experience I care about more than the guest/lurker experience.

They're not insults, they're suggestions.

It should be noted that last year's attack was mounted by an angry member,"Vosur". Disabling guest searches would not have prevented them.
Reply
#24

Change search restriction time to 10 seconds
(01-23-2020, 09:21 AM)SYZ Wrote:
(01-23-2020, 08:26 AM)Aractus Wrote: ...I'm not asking because I find it a minor inconvenience, but because it will improve the experience for everyone.

Please don't tell me what's allegedly an "improvement" for me.  You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.       Dodgy

What's this? You dare to disagree with our forum's "Expert on Everything" (self appointed)? Very brave of you. Very brave indeed.





Big Grin
[Image: Bastard-Signature.jpg]
The following 1 user Likes TheGentlemanBastard's post:
  • SYZ
Reply
#25

Change search restriction time to 10 seconds
(01-23-2020, 07:03 PM)Thumpalumpacus Wrote: They're not insults, they're suggestions.

It should be noted that last year's attack was mounted by an angry member,"Vosur". Disabling guest searches would not have prevented them.

If it was a DDOS on the search function, then yes disabling guest searches would have prevented such an attack vector. You seem to be under the impression he did his attack while logged in - that wouldn't be a DDOS attack, and even if he did log in simultaneously from 10,000 locations (which isn't what he did) the search flood time would apply to all instances of his. A DDOS attack is a denial of service attack that is simply designed to take a server offline.

Vosur wasn't attacking the search function in the first place, or the forum itself, so not a single setting in MyBB would have made any difference. Vosur's attack wasn't a DDOS attack, it was an authentication attack which was followed by a distributed authentication attack (also called a distributed brute-force attack). Vosur was attacking the SSH (109.123.86.253:22) trying to crack the root password. SSH login attacks are incredibly common, even when your server isn't under a targeted attack it will be attacked by botnets regularly, so a good chunk of the attacks on the server would have had nothing to do with him, and would have come from random servers around the web, which is why any server admin needs a very strong password for all of their server management entry points (SSH, control panel, SFTP, etc). The distributed authentication attack itself may not have been Vosur, although it seems likely. Vosur only had control over his own server. The distributed attack came from someone who controls a botnet - Vosur may have had a "friend" do it, or it may have been coincidence.

Here's what typically greets you when you SSH into a server:

[Image: tTJFmsP.png]
Reply




Users browsing this thread: 1 Guest(s)