Danbooru

I've Come To Make An Announcement.....

Posted under Bugs & Features

This topic has been locked.

Hello, those in charge seem either unwilling or uncaring to improve the security of Danbooru unless a direct attack is put in place. So this account is enacting just that.

This post is to ensure that this time the vector being exploited is actually resolved by pointing out the problem and a proposed solution that should have minimal impact to legitimate users. See, the exploit from November exploited the fact that there was no limit to the number of tags a post could have, and thus 6000 were sent in at the same time. The real damage this caused was the way Danbooru renders tags, causing a page of such payloads to render something like a quarter million links, bringing most browsers to their knees. This was patched rather swiftly by not "pretty rendering" the tags of large tag counts, as well as putting a limit to the number of tags a post could have in total.

In truth, this only halfway fixed the issues, as there are still others that can be taken advantage of:

1. Arbitrary Tag Creation: currently there is no limit to anyone in the course of making new tags.

2. Arbitrary Tag Edits: Before the last attack, there was absolutely no limit to what could be pushed as tag strings. The haphazard stopgap measure implemented was just to impose a tag count limit, which forced some of the biggest tagged images to be pruned by Evazion to go under the size. This should have been considered just that: haphazard.

To resolve this, I propose two new rate limits be implemented:

1. A limit to the number of tags that can be created, either per user, or perhaps even per user group. Diving into the data on the BigQuery mirror, the average tags created on a given day very, very rarely exceeds 1000 tags. Maybe Danbooru could generate an average of tags made in the last 30/60/90 days, with a defined "cushion" to allow for natural variation in general user activity.

2. A limit to how many "large" edits a given user can make. There are a few legit reasons to have edits where more than 100 tags are added or removed, so outright banning large edits only impedes legitimate users. However, those edits should be very few and far between, so a limit of, say, 5 "large" edits (I would put this somewhere in the ballpark of 200-350) per user per day. There is of course consideration of maybe "lifting" the restriction for more trusted user ranks, but it should be known to those in charge already that it's often those already "trusted" that are more prone to abusing their power.

Let’s hope this is the last time I have to force the hands of those who can act on this. Regardless, apologies for the headache and Merry Christmas.

Updated by nonamethanks

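The two rate limits proposed in the post, written out as a small in-memory policy object. This is an added example in Ruby (Danbooru's language), not Danbooru's code or the poster's: the 250-tag "large edit" threshold, the 30-day window and the 50% cushion are assumptions picked from the ranges the post itself mentions, and the tag history and user activity below are constructed sample data.

```ruby
require 'set'
require 'date'

# Added example (not Danbooru's code): an in-memory policy object implementing
# the two rate limits proposed in the post above.
#   1. A site-wide daily budget for newly created tags, taken from the
#      trailing 30-day mean of tags created per day plus a "cushion".
#   2. A per-user, per-day cap on "large" edits (many tags added or removed).
# Threshold values are assumptions chosen from the post's own ballparks.
class TagEditPolicy
  LARGE_EDIT_THRESHOLD = 250 # assumed: inside the post's 200-350 range
  LARGE_EDITS_PER_DAY  = 5   # the post's suggested cap
  WINDOW_DAYS          = 30  # one of the post's suggested windows

  # known_tags: tags that already exist.
  # daily_new_tag_counts: Hash of Date => number of tags created that day.
  # cushion: fractional headroom above the mean (0.5 => 50% above average).
  def initialize(known_tags:, daily_new_tag_counts:, cushion: 0.5)
    @known_tags = Set.new(known_tags)
    @daily_new_tag_counts = daily_new_tag_counts.dup
    @cushion = cushion
    @large_edits = Hash.new { |h, user| h[user] = Hash.new(0) } # user => {date => n}
  end

  # Site-wide budget of new tags for `today`: trailing-window mean times
  # (1 + cushion). Days with no record count as zero, so a quiet month
  # tightens the budget instead of inheriting an old, higher one.
  def new_tag_budget(today)
    window = (1..WINDOW_DAYS).map { |i| @daily_new_tag_counts.fetch(today - i, 0) }
    mean = window.sum.to_f / WINDOW_DAYS
    (mean * (1.0 + @cushion)).ceil
  end

  def new_tags_created(today)
    @daily_new_tag_counts.fetch(today, 0)
  end

  # Evaluate replacing old_tags with new_tags on one post.
  # Returns [verdict, details]; verdict is :ok, :large_edit_limit or
  # :new_tag_budget. The edit's effects are recorded only when accepted.
  def check_edit(user, old_tags, new_tags, today)
    old_set = Set.new(old_tags)
    new_set = Set.new(new_tags)
    added   = new_set - old_set
    removed = old_set - new_set
    changed = added.size + removed.size
    created = added.reject { |t| @known_tags.include?(t) }
    large   = changed >= LARGE_EDIT_THRESHOLD
    details = { changed: changed, created: created.size }

    if large && @large_edits[user][today] >= LARGE_EDITS_PER_DAY
      return [:large_edit_limit, details]
    end

    budget = new_tag_budget(today)
    if new_tags_created(today) + created.size > budget
      return [:new_tag_budget, details.merge(budget: budget)]
    end

    @large_edits[user][today] += 1 if large
    @daily_new_tag_counts[today] = new_tags_created(today) + created.size
    @known_tags.merge(created)
    [:ok, details]
  end
end

TODAY = Date.new(2023, 12, 25)

# Constructed sample state: 300 existing tags and 30 quiet days of 40 new tags each.
def build_policy
  history = (1..30).to_h { |i| [TODAY - i, 40] }
  known = %w[1girl solo] + (0...300).map { |i| "tag_#{i}" }
  TagEditPolicy.new(known_tags: known, daily_new_tag_counts: history, cushion: 0.5)
end

# Walk a fresh policy through one ordinary edit, six "large" edits from one
# account, and a burst of never-seen tags; returns the verdicts in order.
# With the sample history the daily budget is ceil(40 * 1.5) = 60 new tags.
def demo
  policy = build_policy
  verdicts = []
  verdicts << policy.check_edit('alice', %w[1girl], %w[1girl solo new_character], TODAY).first
  big = (0...260).map { |i| "tag_#{i}" }
  6.times { verdicts << policy.check_edit('mallory', [], big, TODAY).first }
  burst = (0...100).map { |i| "junk_#{i}" }
  verdicts << policy.check_edit('mallory', [], burst, TODAY).first
  verdicts
end

puts demo.inspect if __FILE__ == $0
```

Two design points worth noting. The new-tag budget is checked before the edit is applied and counts only tags that do not already exist, so an ordinary retag of existing tags never consumes it; and the "large edit" counter is keyed per user and per day, so the sixth oversized edit from the same account on the same day is refused while a later small edit from that account still goes through the normal path. In production the counters would live in the database or a shared cache rather than in process memory.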