From 629d03bd7be7e86db1b36bd0296ced9789435fc0 Mon Sep 17 00:00:00 2001
From: towards-a-new-leftypol
Date: Sun, 24 Jan 2021 06:49:01 +0000
Subject: [PATCH] OP creation rate-limiting - minimum time between OP is 30 seconds
---
 inc/config.php | 13 +++++++++++++
 inc/filters.php | 27 ++++++++++++++++++++++++---
 inc/instance-config.php | 9 ++++++---
 3 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index 80f3c01f..adc58733 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -340,6 +340,8 @@
 * Read more: http://tinyboard.org/docs/index.php?p=Config/Filters
 */
+ // Minimum time between between each post.
+ $config['flood_time_any'] = 40;
 // Minimum time between between each post by the same IP address.
 $config['flood_time'] = 10;
 // Minimum time between between each post with the exact same content AND same IP address.
@@ -378,6 +380,17 @@
 'message' => &$config['error']['flood']
 );
+ $config['filters'][] = array(
+ 'condition' => array(
+ 'OP' => true,
+ 'flood-time-any' => &$config['flood_time_any']
+ ),
+ 'noip' => true,
+ 'find-time' => 60 * 60 * 1,
+ 'action' => 'reject',
+ 'message' => 'Hmmm'
+ );
+
 // Example: Minimum time between posts with the same file hash.
 // $config['filters'][] = array(
 // 'condition' => array(
diff --git a/inc/filters.php b/inc/filters.php
index 2756e6f4..4019b9e6 100644
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -68,6 +68,7 @@ class Filter {
 $flood_check_matched[] = $flood_post;
 }
+ // is there any reason for this assignment?
 $this->flood_check = $flood_check_matched;
 return !empty($this->flood_check);
@@ -78,6 +79,13 @@ class Filter {
 }
 }
 return false;
+ case 'flood-time-any':
+ foreach ($this->flood_check as $flood_post) {
+ if (time() - $flood_post['time'] <= $match) {
+ return true;
+ }
+ }
+ return false;
 case 'flood-count':
 $count = 0;
 foreach ($this->flood_check as $flood_post) {
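Review bot: The new filter in inc/config.php rejects with the literal `'message' => 'Hmmm'`, which tells a rate-limited poster nothing and looks like a leftover placeholder; the filter directly above it uses `&$config['error']['flood']`, and this one should too: `'message' => &$config['error']['flood']`. The interval is also stated three different ways in this commit: the subject says 30 seconds, the default added in the first hunk is `$config['flood_time_any'] = 40;` and inc/instance-config.php sets 20. The comment on `flood_time_any` should say that it is a site-wide minimum and which value is intended.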
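Review bot: The comment added in the first inc/filters.php hunk asks a question instead of documenting the line, and the answer is visible in this file: the assignment narrows `$this->flood_check` to the rows that matched, and the cases below it, including the new `flood-time-any` and `flood-count`, iterate that property. Replace it with something like `// Keep only the matched rows; later flood-* conditions iterate $this->flood_check.` The enclosing case starts outside the hunk.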
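Review bot: The `flood-time-any` case returns true for any row in `$this->flood_check` newer than `$match` seconds, without checking that the row is itself a thread-starting post or belongs to the same board; the `'OP' => true` condition in the config filter constrains only the incoming post. If the flood table also records replies (not visible here), ordinary reply traffic or one persistent poster keeps thread creation rejected site-wide, which turns the limiter into an availability problem. Filtering the rows inside this loop, or restricting the `SELECT` in do_filters to thread-starting posts, would match the stated intent of the commit. The enclosing switch starts and ends outside the hunk.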
@@ -178,7 +186,9 @@ class Filter {
 if ($condition[0] == '!') {
 $NOT = true;
 $condition = substr($condition, 1);
- } else $NOT = false;
+ } else {
+ $NOT = false;
+ }
 if ($this->match($condition, $value) == $NOT) return false;
@@ -216,12 +226,18 @@ function do_filters(array $post) {
 if (!isset($config['filters']) || empty($config['filters'])) return;
+
+ // look at the flood table regardless of IP
+ $noip = false;
 foreach ($config['filters'] as $filter) {
- if (isset($filter['condition']['flood-match'])) {
+ if (isset($filter['condition']['flood-match']) && (!isset($filter['noip']) || $filter['noip'] == false)) {
 $has_flood = true;
 break;
- }
+ } else if ($filter['noip'] == true) {
+ $noip = true;
+ $find_time = time() - $filter['find-time'];
+ }
 }
 if (isset($has_flood)) {
@@ -237,6 +253,11 @@ function do_filters(array $post) {
 }
 $query->execute() or error(db_error($query));
 $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
+ } else if ($noip) {
+ print_err("SELECT * FROM flood WHERE time > " . strval($find_time));
+ $query = prepare("SELECT * FROM ``flood`` WHERE `time` > $find_time");
+ $query->execute() or error(db_error($query));
+ $flood_check = $query->fetchAll(PDO::FETCH_ASSOC);
 } else {
 $flood_check = false;
 }
diff --git a/inc/instance-config.php b/inc/instance-config.php
index 451cf8d9..4971b54e 100644
--- a/inc/instance-config.php
+++ b/inc/instance-config.php
@@ -96,9 +96,12 @@
 $config['db']['password'] = '';
 $config['cookies']['mod'] = 'mod';
 $config['cookies']['salt'] = 'MGYwNjhlNjU5Y2QxNWU3YjQ3MzQ1Yj';
-$config['flood_time'] = 30;
-$config['flood_time_ip'] = 60;
-$config['flood_time_same'] = 60;
+
+$config['flood_cache'] = 60 * 60 * 1; // 1 hours
+$config['flood_time_any'] = 20; // in seconds
+$config['flood_time'] = 0;
+$config['flood_time_ip'] = 0;
+$config['flood_time_same'] = 0;
 $config['max_body'] = 100000;
 $config['reply_limit'] = 250;
 $config['max_links'] = 40;
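Review bot: In the filter scan of do_filters, `else if ($filter['noip'] == true)` reads a key that only the new filter defines, so any filter that reaches this branch without a `noip` entry raises an undefined-index notice or warning; `} else if (!empty($filter['noip'])) {` avoids that. The `break` in the first branch also ends the scan at the first per-IP `flood-match` filter, so if such a filter precedes the `noip` one (the new filter in inc/config.php appears to be appended after the existing flood filters), `$noip` stays false, the IP-independent lookup never runs, and `flood-time-any` only sees rows from the per-IP query. Consider scanning every filter first and deciding afterwards which query, or both, to issue. do_filters starts and ends outside the hunk.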
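Review bot: The new `else if ($noip)` branch interpolates `$find_time` into the SQL text passed to `prepare()` and leaves a `print_err(...)` debugging call that would log on every post taking this path. `$find_time` is `time()` minus a config value, so it is numeric and not request-controlled as written, but interpolating inside `prepare()` gives up the protection of preparing and is easy to copy to a place where the value is not numeric. Use a `:time` placeholder in the `WHERE` clause with `$query->bindValue(':time', $find_time, PDO::PARAM_INT);` (assuming `prepare()` returns a PDOStatement-style object, as the `fetchAll(PDO::FETCH_ASSOC)` call suggests), and drop the `print_err` line.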
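Review bot: Setting `flood_time`, `flood_time_ip` and `flood_time_same` to 0 in inc/instance-config.php reduces the per-IP and same-content intervals to zero in the same commit that introduces the global one, which the commit subject does not mention; if the global limit is not reached (see the filter scan in do_filters), nothing visible throttles a single address. `$config['flood_cache']` is added but no visible code reads it, while the filter in inc/config.php hard-codes the same `60 * 60 * 1`; one should reference the other. Separately, the context lines show a literal `$config['cookies']['salt']` in a tracked file; if that is a deployed value it should be rotated and loaded from outside version control.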