Neil Williams f95cb2b143 Rework login ratelimit system.
The goal of a login ratelimit system is to prevent brute force attacks
on passwords.

The current login ratelimit system is based on VDelay which uses
exponential backoff based on IP address after failed login attempts.
This is not ideal because of corporate proxies and LSN causing the
number of false positives to be very high resulting in users getting
the dreaded "you've been doing that too much".

This new system uses a factored out version of the core ratelimiting
system which uses fixed ratelimits per period (allowing some burstiness)
and is per-account. To help mitigate the effects of a denial of service
attack on a specific user, different ratelimit buckets are used
depending on whether or not the user has used the IP the login request
is coming from before.

As an escape hatch, successfully resetting an account's password adds
the current IP to that account's recent IPs allowing it into the safer
ratelimit bucket.

The ratelimit never applies if you are currently logged in as the user,
allowing account deletion to happen regardless of ongoing brute force /
denial of service attacks.
2015-01-05 14:06:46 -08:00
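
The scheme the commit message above describes, as an added Python example that is not taken from the reddit codebase: a per-account, fixed-period limiter with separate buckets for familiar and unfamiliar IPs. The class and function names, the limits, the period length, the choice to count failed attempts, and marking an IP as familiar after a successful login are all assumptions; the sample addresses are constructed.

```python
import time
from collections import defaultdict

# Assumed values: the commit message gives no numbers.
WINDOW = 600                              # seconds per fixed period
LIMITS = {"known": 10, "unknown": 5}      # failed logins per account per period


class LoginRatelimit:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.recent_ips = defaultdict(set)  # account -> IPs it has used before
        self.failures = defaultdict(int)    # (account, bucket, period) -> count

    def _key(self, account, ip):
        # Buckets are per account: all unfamiliar IPs share one budget for that account.
        bucket = "known" if ip in self.recent_ips[account] else "unknown"
        return account, bucket, int(self.clock() // WINDOW)

    def allowed(self, account, ip, logged_in_as=None):
        if logged_in_as == account:         # already authenticated: never limited
            return True
        key = self._key(account, ip)
        return self.failures[key] < LIMITS[key[1]]

    def record_failure(self, account, ip):
        self.failures[self._key(account, ip)] += 1

    def trust_ip(self, account, ip):
        # Called after a completed password reset (assumed: also after a good login).
        self.recent_ips[account].add(ip)


def demo():
    now = [1_000_000.0]                     # constructed clock so the run is repeatable
    rl = LoginRatelimit(clock=lambda: now[0])
    rl.trust_ip("alice", "198.51.100.7")    # constructed sample data
    for ip in (f"203.0.113.{i}" for i in range(50)):  # many unfamiliar addresses
        if rl.allowed("alice", ip):
            rl.record_failure("alice", ip)
    out = {"guesses_processed": sum(v for k, v in rl.failures.items() if k[1] == "unknown"),
           "owner_known_ip": rl.allowed("alice", "198.51.100.7"),
           "owner_new_ip": rl.allowed("alice", "192.0.2.44"),
           "logged_in": rl.allowed("alice", "192.0.2.44", logged_in_as="alice")}
    rl.trust_ip("alice", "192.0.2.44")      # password reset completed from the new IP
    out["after_reset"] = rl.allowed("alice", "192.0.2.44")
    now[0] += WINDOW                        # next period: the unfamiliar bucket refills
    out["next_period"] = rl.allowed("alice", "203.0.113.9")
    return out
```

Rotating source addresses does not buy extra guesses because the unfamiliar bucket is keyed on the account, while the owner's familiar IP keeps its own budget.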

reddit

Greetings!

This is the primary codebase that powers reddit.com.

For notices about major changes and general discussion of reddit development, subscribe to the /r/redditdev and /r/changelog subreddits.

You can also chat with us via IRC in #reddit-dev on FreeNode.


Quickstart

To set up your own instance of reddit to develop with, we have a handy install script for Ubuntu that will automatically install and configure most of the stack.

Alternatively, refer to our Install Guide for instructions on setting up reddit from scratch. Many frequently asked questions regarding local reddit installs are covered in our FAQ.

APIs

To learn more about reddit's API, check out our automated API documentation and the API wiki page. Please use a unique User-Agent string and take care to abide by our API rules.

Happy hacking!

Issues and Contribution Guidelines

Thanks for wanting to help make reddit better! First things first, though: GitHub issues are only for confirmed, active bugs. Please submit ideas to /r/ideasfortheadmins.

Please read more on contributions in CONTRIBUTING.md.
