bakape / shamichan

anonymous realtime imageboard focused on high performance and transparent moderation

Feature requests for making Meguca compatible with anonymity networks (Tor, I2P and Lokinet) #1303

Open maq33 opened 2 years ago

maq33 commented 2 years ago

I'm planning to host an imageboard on Tor (.onion address), but I'm afraid of someone flooding it, as all incoming addresses are "127.0.0.1" and I couldn't ban/block anyone by IP, as doing this could affect the entire chan or board.

So, I addressed features that, if implemented, would make Meguca compatible with anonymity networks like Tor, I2P and Lokinet.

1 - Interval of X seconds between thread and post creation. ===> This would prevent some retards from posting lots of text repeatedly and also defeat scripts made to flood imageboards; this option would require cookies to work. ===> Also addressed here: https://github.com/bakape/meguca/issues/1297

2 - Max threads per hour. ===> In an imageboard, an owner can estimate how many threads are created per hour and establish a limit to prevent flooding of board pages.

3 - Text captcha mechanism that doesn't require JavaScript. ===> This can prevent flooding, and users worried about privacy leaks in their browsers (particularly Tor Browser) can solve the captcha without problems. Anything similar to this would be fine: https://www.phpcaptcha.org/ ===> I know there is already a captcha mechanism in Meguca, but some users who don't know anything about anime and Japanese characters would have to search for their images to solve the captcha, and Google asks for another captcha for searching about anything.

4 - ID system and an option to delete all posts in a specific board or in the entire imageboard. ===> Connections coming from Tor and I2P will appear as "127.0.0.1", so deleting repeated posts in a flood attack can affect other threads, posts or even the entire imageboard if it is hosted only on a .onion or .i2p pseudo-domain. Deleting posts by ID would affect only the matched posts and threads. A smart idea. ===> Also addressed here: https://github.com/bakape/meguca/issues/1296

5 - Link anonymizing. ===> This prevents sites from "seeing" which site the link to them was clicked from. It's easy to implement, as the anchor element in HTML5 has an option to modify the link behavior: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-referrerpolicy ===> External services can also be used: https://href.li -- https://anonym.to -- https://www.linkanonymous.com -- https://anonym.es/en.html ===> Also addressed here: https://github.com/bakape/meguca/issues/1299

===========================================================================

These are my requests for making Meguca compatible with anonymity networks.
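Requests 1 and 2 above, sketched as an added example that is not part of the original issue and is not shamichan's code: a limiter keyed on a session-cookie token instead of the client IP, combined with a board-wide sliding-window cap on new threads. All identifiers (`FloodGuard`, `Allow`, the reason strings) are hypothetical, and the token is assumed to be issued by the server and read from a cookie.

```go
// Added example, not shamichan code; all identifiers are hypothetical.
package main

import (
	"fmt"
	"sync"
	"time"
)

// FloodGuard throttles by cookie token, since every Tor/I2P client arrives as 127.0.0.1.
type FloodGuard struct {
	mu           sync.Mutex
	postInterval time.Duration          // request 1: minimum gap between posts per token
	maxThreads   int                    // request 2: new threads per board per hour
	lastPost     map[string]time.Time   // token -> time of last accepted post
	threads      map[string][]time.Time // board -> times of accepted threads
}

func NewFloodGuard(interval time.Duration, maxThreads int) *FloodGuard {
	return &FloodGuard{postInterval: interval, maxThreads: maxThreads,
		lastPost: map[string]time.Time{}, threads: map[string][]time.Time{}}
}

// Allow decides whether a post (or a new thread) is accepted at time now.
func (g *FloodGuard) Allow(token, board string, newThread bool, now time.Time) (bool, string) {
	g.mu.Lock()
	defer g.mu.Unlock()
	if token == "" { // no cookie: there is nothing to key the interval on
		return false, "no session token"
	}
	if last, ok := g.lastPost[token]; ok && now.Sub(last) < g.postInterval {
		return false, "post interval"
	}
	if newThread {
		recent := g.threads[board][:0] // keep only the last hour (sliding window)
		for _, t := range g.threads[board] {
			if now.Sub(t) < time.Hour {
				recent = append(recent, t)
			}
		}
		g.threads[board] = recent
		if len(recent) >= g.maxThreads { // applies to the board, whatever the token
			return false, "board thread cap"
		}
		g.threads[board] = append(recent, now)
	}
	g.lastPost[token] = now
	return true, ""
}

func main() {
	g, t0 := NewFloodGuard(10*time.Second, 2), time.Unix(0, 0) // constructed sample values
	fmt.Println(g.Allow("tokA", "b", true, t0))
	fmt.Println(g.Allow("tokA", "b", false, t0.Add(time.Second)))
}
```

The per-token interval only binds clients that keep their cookie, which is why the board-wide cap does not depend on the token. A long-running server would also need to expire old `lastPost` entries.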

anoduck commented 2 years ago

Just for reference, I have hosted meguca on Tor once before, and these would be nice to have. Also, purely for reference, mod-sec can be used to limit the number of posts per X secs, and a custom-implemented captcha page can help reduce bot traffic.