Don't trigger splitflood on lots of humans using a single bot command

This essentially allows people who had previously been active
to bypass splitflood handling once in certain cases to avoid
tons of false positives. (Mostly of interest for channels
that heavily involve interaction with some sort of bot.)

Actual malicious distributed flood attack detection should
be unaffected.

2 files changed, 7 insertions, 1 deletions

diff --git a/modules/classes.pl b/modules/classes.pl
index a8a1e64..d1cab71 100644
--- a/modules/classes.pl
+++ b/modules/classes.pl
@@ -312,6 +312,12 @@ sub splitflood {
     $text=$event->{args}->[0];
   }
   return unless defined($text);
+  # a bit ugly but this should avoid alerting on spammy bot commands
+  # give them the benefit of the doubt if they talked before ... but not too recently
+  # if we didn't see them join, assume they did talk at some point
+  my $msgtime = $::sc{$chan}{users}{lc $event->{nick}}{msgtime} // 0;
+  $msgtime ||= 1 if !$::sc{$chan}{users}{lc $event->{nick}}{jointime};
+  return if $text =~ /^[^\w\s]+\w+\s*$/ && $msgtime && ($msgtime + 2 * $cf{$id}{timeout}) < time;
 #  return unless length($text) >= 10;
   if (defined($bs{$id}{$text}) && (time <= $bs{$id}{$text} + 600)) {
     return 1;
diff --git a/modules/event.pl b/modules/event.pl
index a1f84de..bbc56e1 100644
--- a/modules/event.pl
+++ b/modules/event.pl
@@ -332,7 +332,6 @@ sub on_public
 #  alarm 200;
   my $chan = lc $event->{to}[0];
   $chan =~ s/^[+@]//;
-  $::sc{$chan}{users}{lc $event->{nick}}{msgtime} = time;
   $::log->logg( $event );
   $::db->logg( $event );
   if ($event->{args}->[0] =~ /(https?:\/\/bitly.com\/\w+|https?:\/\/bit.ly\/\w+|https?:\/\/j.mp\/\w+|https?:\/\/tinyurl.com\/\w+)/i) {
@@ -346,6 +345,7 @@ sub on_public
   }
   $::inspector->inspect( $conn, $event );
   $::commander->command( $conn, $event );
+  $::sc{$chan}{users}{lc $event->{nick}}{msgtime} = time;
 }
 
 sub checkHTTP