My site is currently under attack. I created a users directory that automatically puts the last logged in people on top. Whoever loads the home page gets placed on top.
I have one user (at least one that's logged in, not sure if there are more logged off) that is refreshing the page nonstop and slowing the site. The site uses lots of images, so it's become much slower now.
I installed sikka: https://github.com/meteorhacks/sikka
But I am having some issues with it. Particularly three major issues:
1. I set up the package, and it doesn't seem to stop the attacks. I still see the user reloading no matter what.
2. I run my local server (localhost:3000), and there it works TOO well; in fact, it won't let me do anything. I load the page and it will take me to the captcha page no matter what. It will just keep taking me there right after I click. So I can't do any work on the site with the package installed.
3. I had to turn on the feature 'onlyForHumans'. It basically asks all the users to confirm that they are not robots, which is obviously a huge inconvenience. Not only that, but it will expire and keep asking. This has stopped the attack, but obviously I can't leave the site like this. It will affect my signup rate, etc.
Can someone help me with the configuration? For the rate limits, what is an appropriate setting per IP? I have it at the defaults, but without the 'onlyForHumans' setting on, it doesn't do anything, and just as bad, it goes haywire locally.
Any help is appreciated!
    "sikka": {
      "captcha": {
        "siteKey": "google key here",
        "secret": "google key here"
      },
      "rateLimits": {
        "perIp": 20,
        "perHuman": 20,
        "perSession": 20
      },
      "times": {
        "blockIpFor": 120000,
        "humanLivesUpto": 3600000
      },
      "onlyForHumans": true
    }