
Excessive Calls to AuthService Causing IP Bans #5647

@wolkenschieber

Description


Pre-submission Checklist

  • I have searched the existing issues and this bug has not been reported yet
  • I have tested this issue on the demo site or the latest version

Where did you encounter this bug?

Latest stable version (self-hosted)

Memos Version

v0.26.1

Bug Description

The application is making an excessive number of requests to authentication endpoints within a very short time frame. This behavior is being flagged by CrowdSec as a generic HTTP brute force attack (LePresidente/http-generic-401-bf), resulting in IP bans. As a consequence, OAuth2 authentication becomes effectively unusable.

Impact

  • Legitimate users are banned.
  • OAuth2 authentication becomes unreliable or completely unusable.
  • Potential performance degradation and false-positive security triggers.

Steps to Reproduce

  1. Configure Traefik with CrowdSec
  2. Configure Memos with Authelia
  3. Try to login

Expected Behavior

Observed Behavior

Within less than 1 second, the app makes:

  • 5 calls to GetCurrentUser
  • 3 calls to RefreshToken
  • Total: 8 calls to memos.api.v1.AuthService
  • CrowdSec detects this pattern as brute-force traffic.
  • The client IP gets banned.
  • OAuth2 flow fails due to blocked requests.

Screenshots & Additional Context

No response
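The report above pairs a client burst (8 AuthService calls inside a second) with a generic 401 brute-force scenario and an IP ban, but does not show the mechanics of why that count trips a detector. The following is an added illustration, not code from Memos, CrowdSec, Traefik or the reporter: a leaky-bucket model of a per-IP 401 counter, of the kind a generic HTTP 401 brute-force scenario uses, run over constructed access-log lines that mimic the burst described (5 GetCurrentUser and 3 RefreshToken calls within 0.6 s). It assumes those calls answer 401 while no session exists yet, which is what a 401-keyed scenario would be counting; the bucket parameters (capacity 5, one event leaking out every 10 s), the log line format and the IP addresses are assumptions chosen to show the mechanism, not the real scenario's tuned values or a real capture.

```python
"""Leaky-bucket model of a per-IP HTTP 401 brute-force detector.

Added illustration for the issue above; not code from Memos or CrowdSec.
CAPACITY and LEAK_SECONDS are assumed values, not the real scenario's.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

CAPACITY = 5          # assumed: more than this many un-leaked 401s overflows the bucket
LEAK_SECONDS = 10.0   # assumed: one 401 drains out of the bucket every 10 seconds

# Constructed log lines: "<timestamp> <client ip> <method> <path> <status>".
# 203.0.113.7 reproduces the burst from the report (8 AuthService calls in < 1 s);
# 198.51.100.9 is a benign user who gets one 401, then logs in.
BURST_LOG = """\
2025-01-01T12:00:00.050Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:00.120Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:00.180Z 203.0.113.7 POST /memos.api.v1.AuthService/RefreshToken 401
2025-01-01T12:00:00.260Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:00.330Z 203.0.113.7 POST /memos.api.v1.AuthService/RefreshToken 401
2025-01-01T12:00:00.410Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:00.480Z 203.0.113.7 POST /memos.api.v1.AuthService/RefreshToken 401
2025-01-01T12:00:00.560Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:01.000Z 198.51.100.9 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:07.000Z 198.51.100.9 POST /memos.api.v1.AuthService/GetCurrentUser 200
"""

# Same client, but with the redundant in-flight calls collapsed to one of each
# (constructed; a hypothetical client-side fix, not a change Memos has made).
COALESCED_LOG = """\
2025-01-01T12:00:00.050Z 203.0.113.7 POST /memos.api.v1.AuthService/GetCurrentUser 401
2025-01-01T12:00:00.180Z 203.0.113.7 POST /memos.api.v1.AuthService/RefreshToken 401
"""


@dataclass
class LeakyBucket:
    capacity: int
    leak_seconds: float
    level: float = 0.0
    last_seen: datetime | None = None

    def push(self, ts: datetime) -> bool:
        """Drain what leaked since the last event, add one, report overflow."""
        if self.last_seen is not None:
            elapsed = (ts - self.last_seen).total_seconds()
            self.level = max(0.0, self.level - elapsed / self.leak_seconds)
        self.last_seen = ts
        self.level += 1.0
        return self.level > self.capacity


def parse_line(line: str) -> tuple[datetime, str, str, int]:
    ts, ip, _method, path, status = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, path, int(status)


def first_trip(log_text: str, capacity: int = CAPACITY,
               leak_seconds: float = LEAK_SECONDS) -> dict[str, int]:
    """Return {ip: n}, n being the per-IP 401 (1-based) that overflowed the bucket.

    IPs that never overflow are absent. Non-401 responses are ignored, as a
    401-keyed scenario would ignore them.
    """
    buckets: dict[str, LeakyBucket] = {}
    counts: dict[str, int] = {}
    tripped: dict[str, int] = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ip, _path, status = parse_line(raw)
        if status != 401:
            continue
        counts[ip] = counts.get(ip, 0) + 1
        bucket = buckets.setdefault(ip, LeakyBucket(capacity, leak_seconds))
        if bucket.push(ts) and ip not in tripped:
            tripped[ip] = counts[ip]
    return tripped


if __name__ == "__main__":
    print("burst  :", first_trip(BURST_LOG))       # the Memos client trips on its 6th 401
    print("coalesced:", first_trip(COALESCED_LOG))  # two 401s stay well under capacity
```

With the assumed parameters the reporter's client overflows the bucket on its sixth 401, about 0.4 s after the first call, so the ban lands before the OAuth2 redirect completes; the benign user's single 401 never comes close. The two-line variant shows why the count, not the endpoints, is the problem: one GetCurrentUser and one RefreshToken per page load would sit at level 2 and leak away long before any threshold is reached.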


Labels

bug (Something isn't working)
