Can you throttle the AJAX request rate, preferably settable by the admin for each usergroup?
I have just written some code to notify followers that I have gone online or offline, in real time, and I abuse it by clicking the visible checkbox really fast, over and over again...
You guessed it right: the followers' screens are filled up with growl-like messages telling them that I'm messing with them right now, lol...
This isn't implemented in xenForo, but by throttling the request rate you can somehow discourage naughty kids trying to DoS the server just by setting up some auto-click script on some SubmitOnChange field.
I think 5 reqs/min. is reasonable for a global limit. If the limit is hit, requests will be routed through normal GET, POST until it resets.
I prefer a limit by action, but that would be kind of overkill for most of the smaller boards.
PS: Displaying a message like "Make up your f**king mind!!!" if someone changes their visibility more than 2 times a minute would be awesome!!!
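
The throttling suggested in this post, sketched as an added example (not XenForo code and not the poster's): a sliding-window limiter with an admin-settable limit per usergroup and an optional stricter limit per action. The `AjaxThrottle` class, the group names and the action names are assumptions made for illustration; the 5 and 2 per minute figures are the ones from the post.

```python
import time
from collections import defaultdict, deque

# Assumed admin-settable values; group and action names are hypothetical.
GROUP_LIMITS = {"registered": 5, "moderator": 30}   # AJAX requests per window
ACTION_LIMITS = {"toggle_visibility": 2}            # stricter per-action cap


class AjaxThrottle:
    """Sliding-window limiter keyed per user (global) and per (user, action)."""

    def __init__(self, group_limits, action_limits, default_limit=5,
                 window=60.0, clock=time.monotonic):
        self.group_limits = group_limits
        self.action_limits = action_limits
        self.default_limit = default_limit
        self.window = window
        self.clock = clock                  # injectable so tests control time
        self._hits = defaultdict(deque)     # key -> timestamps of accepted hits

    def _count(self, key, now):
        """Drop timestamps older than the window, return how many remain."""
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return len(q)

    def check(self, user_id, group, action):
        """Return 'ajax', 'fallback' (use normal GET/POST) or 'action_limited'."""
        now = self.clock()
        action_limit = self.action_limits.get(action)
        if (action_limit is not None
                and self._count((user_id, action), now) >= action_limit):
            return "action_limited"         # e.g. show the "make up your mind" notice
        limit = self.group_limits.get(group, self.default_limit)
        if self._count((user_id, None), now) >= limit:
            return "fallback"               # global limit hit until the window resets
        # Record only accepted requests, against both counters.
        self._hits[(user_id, None)].append(now)
        if action_limit is not None:
            self._hits[(user_id, action)].append(now)
        return "ajax"


if __name__ == "__main__":
    throttle = AjaxThrottle(GROUP_LIMITS, ACTION_LIMITS)
    for i in range(4):
        print(i + 1, throttle.check(1, "registered", "toggle_visibility"))
```

The counters must live on the server and be keyed by the authenticated user, since a client-side limit is bypassed by the same auto-click script the post describes.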