Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-22-2020, 02:01 AM
(This post was last modified: 01-22-2020, 02:06 AM by Aractus.)
Change search restriction time to 10 seconds
This is really annoying. The forum is set to one search per 30 seconds per user. This is to prevent server overload, however that value is way too high and leads to the common experience of having to wait 20 seconds or so before you can do your search. Please change the time in the MyBB settings to 10 seconds. This will still prevent excessive search requests while improving the experience for all forum members.
As you can see above, to take that screenshot I did two searches as quickly as I could in one tab. So with 10 second limit you would barely ever experience the wait page under normal conditions. I'd even suggest we could go as low as 5 seconds, but I'd be happy with any value up to 10 seconds. 8 seconds might be a good value. @ Mathilda you can check the server logs before and after the change to ensure that this doesn't lead to an unacceptable increase in server load. However I might point out you can actually disable search for users that are not logged in if server load is a concern. The setting is called Search Flood Time, you find it under config>settings>search system.
Thanks!
Posts: 12,153
Threads: 203
Likes Received: 13,378 in 6,561 posts
Likes Given: 13,140
Joined: Sep 2018
Reputation:
37
01-22-2020, 11:46 AM
Change search restriction time to 10 seconds
Seriously? Surely an extra 20 seconds of your life isn't the end of the world as you know it?
I'm more than happy to wait 30 seconds between searches. And if this
really "annoys" you, then I suggest you take a chill pill mate!
I'm a creationist; I believe that man created God.
Posts: 15,693
Threads: 325
Likes Received: 13,164 in 7,353 posts
Likes Given: 11,918
Joined: Sep 2018
Reputation:
28
01-22-2020, 03:00 PM
Change search restriction time to 10 seconds
30 seconds? Not long if you're rowing a boat from San Francisco to Hawaii. A bit longer if you're on fire.
Posts: 23,590
Threads: 506
Likes Received: 29,518 in 14,097 posts
Likes Given: 6,496
Joined: Jan 2019
Reputation:
41
01-22-2020, 04:11 PM
Change search restriction time to 10 seconds
I'm with Danny on this one. It's annoying.
Robert G. Ingersoll : “No man with a sense of humor ever founded a religion.”
Posts: 15,693
Threads: 325
Likes Received: 13,164 in 7,353 posts
Likes Given: 11,918
Joined: Sep 2018
Reputation:
28
01-22-2020, 04:50 PM
Change search restriction time to 10 seconds
Insert dittoness here.
Posts: 5,797
Threads: 41
Likes Received: 8,556 in 3,707 posts
Likes Given: 13,014
Joined: Sep 2018
Reputation:
27
01-22-2020, 04:57 PM
Change search restriction time to 10 seconds
It would be different if they were getting flooded, we don't know what's happening on the back side.
Posts: 25,009
Threads: 47
Likes Received: 34,772 in 15,973 posts
Likes Given: 37,593
Joined: Sep 2018
Reputation:
61
01-22-2020, 05:08 PM
Change search restriction time to 10 seconds
I want a plug-in that reads my mind and delivers my desiderata before I even realize I want it. <snaps fingers>
Posts: 20,154
Threads: 297
Likes Received: 22,161 in 10,188 posts
Likes Given: 20,001
Joined: Sep 2018
Reputation:
78
01-22-2020, 07:32 PM
Change search restriction time to 10 seconds
This is @ Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
Posts: 23,546
Threads: 58
Likes Received: 16,510 in 8,852 posts
Likes Given: 7,815
Joined: Dec 2018
Reputation:
41
01-22-2020, 08:35 PM
Change search restriction time to 10 seconds
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
Mountain-high though the difficulties appear, terrible and gloomy though all things seem, they are but Mâyâ.
Fear not — it is banished. Crush it, and it vanishes. Stamp upon it, and it dies.
Vivekananda
Posts: 7,262
Threads: 37
Likes Received: 8,002 in 3,935 posts
Likes Given: 3,009
Joined: Sep 2018
Reputation:
34
01-22-2020, 08:50 PM
Change search restriction time to 10 seconds
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
The first thing that came to mind ... it could make dos attacks much easier.
Maybe that not at all how they work, but it could be a consideration.
Test
Posts: 25,009
Threads: 47
Likes Received: 34,772 in 15,973 posts
Likes Given: 37,593
Joined: Sep 2018
Reputation:
61
01-22-2020, 09:47 PM
Change search restriction time to 10 seconds
Maybe construct appropriate search terms in the first place?
Just a thought.
Posts: 23,590
Threads: 506
Likes Received: 29,518 in 14,097 posts
Likes Given: 6,496
Joined: Jan 2019
Reputation:
41
01-22-2020, 11:56 PM
Change search restriction time to 10 seconds
Oddly, for the first time in what seems like weeks I am running into that "can't connect to server error."
Robert G. Ingersoll : “No man with a sense of humor ever founded a religion.”
Posts: 5,627
Threads: 42
Likes Received: 5,635 in 2,841 posts
Likes Given: 5,777
Joined: Dec 2018
Reputation:
27
01-23-2020, 12:10 AM
Change search restriction time to 10 seconds
Being told you're delusional does not necessarily mean you're mental.
Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-23-2020, 12:22 AM
Change search restriction time to 10 seconds
(01-22-2020, 09:47 PM)Thumpalumpacus Wrote: Maybe construct appropriate search terms in the first place?
Just a thought.
That's not the issue. The issue is that if you use any of the search functions as your bookmark like View Today's Posts or View New Posts, then that counts as a search as far as the server is concerned and you can't do a search for 30 seconds.
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
It shouldn't make any substantial difference to a DDOS attack (which by nature is distributed), and the best option to prevent DDOS attacks from taking the server offline is to get hosting in a DDOS protected network.
Posts: 9,083
Threads: 73
Likes Received: 5,577 in 3,352 posts
Likes Given: 4,553
Joined: Sep 2018
Reputation:
45
01-23-2020, 12:29 AM
Change search restriction time to 10 seconds
I've used "search" a few times but rarely...is this something that people need often?
Posts: 25,009
Threads: 47
Likes Received: 34,772 in 15,973 posts
Likes Given: 37,593
Joined: Sep 2018
Reputation:
61
01-23-2020, 12:38 AM
Change search restriction time to 10 seconds
(01-23-2020, 12:22 AM)Aractus Wrote: (01-22-2020, 09:47 PM)Thumpalumpacus Wrote: Maybe construct appropriate search terms in the first place?
Just a thought.
That's not the issue. The issue is that if you use any of the search functions as your bookmark like View Today's Posts or View New Posts, then that counts as a search as far as the server is concerned and you can't do a search for 30 seconds.
You have my sympathies. I can't comprehend how you get on with such a difficulty.
Maybe you should bookmark "today's posts" instead? I do that. If gives me a non-result, and then I (gasp!) have to move the mouse and click on "today's posts" again. I can't really tell you how I survive such an indignity.
Maybe you should bookmark your notifications so that you'll see immediately when people reply? Not sure that can work, and don't care enough to beta test it for you.
Or maybe you should grow perhaps twenty-seconds' more patience.
Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-23-2020, 12:43 AM
Change search restriction time to 10 seconds
Or maybe we can just change the default value for "Search Flood Time" which hasn't changed in almost 20 years, to something more appropriate?
(01-22-2020, 07:32 PM)Dom Wrote: This is @Mathilda s decision, but my guess would be a negative. We withstood a ddos attack thanks to her excellent server management, and we want to be able to do the same when the next one comes. The server load is exactly the way we need it to stay safe.
Also as I did mention in my previous post you can just disable search for guests entirely removing any possibility that search can be exploited by DDOS.
Posts: 25,009
Threads: 47
Likes Received: 34,772 in 15,973 posts
Likes Given: 37,593
Joined: Sep 2018
Reputation:
61
01-23-2020, 01:17 AM
Change search restriction time to 10 seconds
(01-23-2020, 12:43 AM)Aractus Wrote: Or maybe we can just change the default value for "Search Flood Time" which hasn't changed in almost 20 years, to something more appropriate?
You should probably make a study of patience. You'll benefit in many different ways.
Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-23-2020, 08:26 AM
Change search restriction time to 10 seconds
I'm not going to engage with your petty insults.
The default value, 30 seconds, hasn't changed since 2002. When I'm sure you remember that it took a lot longer than 30 seconds to download and load an average forum page.
I'm not asking because _I_ find it a minor inconvenience, but because it will improve the experience for everyone. If DDOS is a concern you can just disable guest search as I've previously mentioned, I'd be happy with that as it's the member experience I care about more than the guest/lurker experience.
Posts: 12,153
Threads: 203
Likes Received: 13,378 in 6,561 posts
Likes Given: 13,140
Joined: Sep 2018
Reputation:
37
01-23-2020, 09:21 AM
Change search restriction time to 10 seconds
(01-23-2020, 08:26 AM)Aractus Wrote: ...I'm not asking because I find it a minor inconvenience, but because it will improve the experience for everyone.
Please don't tell me what's allegedly an "improvement" for me. You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.
I'm a creationist; I believe that man created God.
Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-23-2020, 10:13 AM
(This post was last modified: 01-23-2020, 10:14 AM by Aractus.)
Change search restriction time to 10 seconds
(01-23-2020, 09:21 AM)SYZ Wrote: Please don't tell me what's allegedly an "improvement" for me. You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.
Sure for people that never use search it makes no difference, but when I say "everyone" I mean members who use it regularly. Everyone else like yourself it's a potential improvement to your experience.
I honestly have no idea why you'd be against this BTW? All I'm asking is to lower a default value dreamt up in 2002 that has never changed to something more appropriate. There is literally no downside. I'm not asking to set it to 0 (which is the value for admins I might add so @ Mathilda never experiences it for herself unless logged out), just to lower it to a more sensible value. A value chosen in 2002 is not necessarily sensible today!!
Posts: 20,154
Threads: 297
Likes Received: 22,161 in 10,188 posts
Likes Given: 20,001
Joined: Sep 2018
Reputation:
78
01-23-2020, 12:35 PM
Change search restriction time to 10 seconds
(01-23-2020, 10:13 AM)Aractus Wrote: (01-23-2020, 09:21 AM)SYZ Wrote: Please don't tell me what's allegedly an "improvement" for me. You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.
Sure for people that never use search it makes no difference, but when I say "everyone" I mean members who use it regularly. Everyone else like yourself it's a potential improvement to your experience.
I honestly have no idea why you'd be against this BTW? All I'm asking is to lower a default value dreamt up in 2002 that has never changed to something more appropriate. There is literally no downside. I'm not asking to set it to 0 (which is the value for admins I might add so @Mathilda never experiences it for herself unless logged out), just to lower it to a more sensible value. A value chosen in 2002 is not necessarily sensible today!!
There is no point in invoking Mathilda more than once in a thread. She has read it and agreed to my post above. That means she has made a note of it, and maybe next time Aliza tinkers with the software and Mathilda tinkers with the server they will give it some thought. It's not really important. Sorry to be using up some seconds of your life in the meantime.
Posts: 25,009
Threads: 47
Likes Received: 34,772 in 15,973 posts
Likes Given: 37,593
Joined: Sep 2018
Reputation:
61
01-23-2020, 07:03 PM
(This post was last modified: 01-23-2020, 07:20 PM by Thumpalumpacus.)
Change search restriction time to 10 seconds
(01-23-2020, 08:26 AM)Aractus Wrote: I'm not going to engage with your petty insults.
The default value, 30 seconds, hasn't changed since 2002. When I'm sure you remember that it took a lot longer than 30 seconds to download and load an average forum page.
I'm not asking because _I_ find it a minor inconvenience, but because it will improve the experience for everyone. If DDOS is a concern you can just disable guest search as I've previously mentioned, I'd be happy with that as it's the member experience I care about more than the guest/lurker experience.
They're not insults, they're suggestions.
It should be noted that last year's attack was mounted by an angry member," Vosur". Disabling guest searches would not have prevented them.
Posts: 4,982
Threads: 12
Likes Received: 5,675 in 2,504 posts
Likes Given: 6,473
Joined: Nov 2018
Reputation:
31
01-23-2020, 08:42 PM
Change search restriction time to 10 seconds
(01-23-2020, 09:21 AM)SYZ Wrote: (01-23-2020, 08:26 AM)Aractus Wrote: ...I'm not asking because I find it a minor inconvenience, but because it will improve the experience for everyone.
Please don't tell me what's allegedly an "improvement" for me. You have no idea
what's good or bad for me—although this is in line with your usual sanctimony.
What's this? You dare to disagree with our forum's "Expert on Everything" (self appointed)? Very brave of you. Very brave indeed.
Posts: 1,787
Threads: 89
Likes Received: 411 in 294 posts
Likes Given: 326
Joined: Sep 2018
Reputation:
-3
01-24-2020, 12:42 AM
(This post was last modified: 01-24-2020, 01:04 AM by Aractus.)
Change search restriction time to 10 seconds
(01-23-2020, 07:03 PM)Thumpalumpacus Wrote: They're not insults, they're suggestions.
It should be noted that last year's attack was mounted by an angry member,"Vosur". Disabling guest searches would not have prevented them.
If it was a DDOS on the search function, then yes disabling guest searches would have prevented such an attack vector. You seem to be under the impression he did his attack while logged in - that wouldn't be a DDOS attack, and even if he did log in simultaneously from 10,000 locations (which isn't what he did) the search flood time would apply to all instances of his. A DDOS attack is a denial of service attack that is simply designed to take a server offline.
Vosur wasn't attacking the search function in the first place, or the forum itself, so not a single setting in MyBB would have made any difference. Vosur's attack wasn't a DDOS attack, it was an authentication attack which was followed by a distributed authentication attack (also called a distributed brute-force attack). Vosur was attacking the SSH (109.123.86.253:22) trying to crack the root password. SSH login attacks are incredibly common, even when your server isn't under a targeted attack it will be attacked by botnets regularly, so a good chunk of the attacks on the server would have had nothing to do with him, and would have come from random servers around the web, which is why any server admin needs a very strong password for all of their server management entry points (SSH, control panel, SFTP, etc). The distributed authentication attack itself may not have been Vosur, although it seems likely. Vosur only had control over his own server. The distributed attack came from someone who controls a botnet - Vosur may have had a "friend" do it, or it may have been coincidence.
Here's what typically greets you when you SSH into a server:
|