We did some profiling of our node MQTT workers using the
--prof flag today, and we found
that our workers were spending an excessive amount of time handling MQTT connection authorization. It turns out
that a few users were hammering our servers with failed auth attempts, so we decided to implement a rate limit for
MQTT connection attempts.
The new connection rate limit allows for 50 connection attempts in a 15 minute window, and attempts past the limit will be rejected for the remainder of the window. If you would like to comment on this change, please visit our IO forum.