Is there a rate limiter to resist inbox flood attack?
Today my instance suddenly went offline.
After checking the logs, it is found that pleroma cannot connect to postgresql.
When I try to restart the service, the CPU and memory usage of the server goes crazy.
I realized it was unusual, so I shut down the service. Then the reverse proxy added a new line of POST /inbox
error every second.
At the time of writing this issue, these errors are still continuing. Since I didn't set up a procedure to record IP and request content, I still don't know who launched the attack ...
Although this may be a bit off-topic:
- Are there any protection mechanisms in Pleroma against flood attacks?
- What would you do if you were to encounter such an attack?