Is the site being attacked?
I see that too. He's probably throttling the posting to slow down attacks.
I had bad lag and it led to me accidentally triple-posting. It's better now.
August 9th, 2017 9:55pm
I'm guessing... hope this does not help Dr. H....
The posting delay could vary based upon the time since the last successful post from any other user. It's about the only way I can see to defeat a ddos style posting attack like when the site was scrolling by a few messages a second.
So this may cause the delay to seem non existent at certain times of the day when the forum is dead, but at busier times you're being held up because someone else just pressed OK.
Yeah, that's exactly what I did. The problem is tweaking the variables -- this place doesn't get many posts and it doesn't take too many to be annoying. So it's hard to be aggressive enough to be useful but not so aggressive that it's annoying to regular posters.
I played with a number of variables and analyzed the post history to come up with the numbers.
From what I've seen so far, it doesn't seem too bad. But I don't post very much.
And I assume you keep a rolling history of posting frequency. If posts start to come in one after another in a regular pattern (if it were my board) which is also not normal I would throttle down more. Or start displaying the CoT "you have an error" window.
Right now it's wholly acceptable. I only had a couple of delays I even noticed.
It could be more intelligent but I'm basically doing notepad.exe development against PHP4. It's pretty low-tech. I don't think I can even run this site on my desktop anymore.
Sorry, how does the delay keep an attacker from just making a bunch of requests concurrently?
Because it's a global rate limiter, not per ip address.
Get some reading comprehension, friend! It was already established that the clock issue was because if you post something right after someone else, it can be delayed due to the rate limiter. This is only possible since this is a low volume site.
I'm assuming it's that part between the TCP handshake and the HTTP 200 OK that's sent back to the browser that you've inserted some kind of delay:
I just guessed that Wayne put some firewall like code into Fruitshow and I guessed how it might work. The assumption is that you can receive post requests here from any number of IP addresses, so going per-IP won't help with herr doctor type vandalism. Your only other available remedy is to rely on the average level of usage of this board to set up some timing based restrictions.
The poster 'g' is pretty funny. :)