From d45c28ec36ebe67a632aad27989bb97a697e09fb Mon Sep 17 00:00:00 2001 From: Janik Kleinhoff Date: Sun, 8 Mar 2015 01:45:43 +0400 Subject: Don't trigger splitflood on lots of humans using a single bot command This essentially allows people who had previously been active to bypass splitflood handling once in certain cases to avoid tons of false positives. (Mostly of interest for channels that heavily involve interaction with some sort of bot.) Actual malicious distributed flood attack detection should be unaffected. --- modules/classes.pl | 6 ++++++ modules/event.pl | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/classes.pl b/modules/classes.pl index a8a1e64..d1cab71 100644 --- a/modules/classes.pl +++ b/modules/classes.pl @@ -312,6 +312,12 @@ sub splitflood { $text=$event->{args}->[0]; } return unless defined($text); + # a bit ugly but this should avoid alerting on spammy bot commands + # give them the benefit of the doubt if they talked before ... but not too recently + # if we didn't see them join, assume they did talk at some point + my $msgtime = $::sc{$chan}{users}{lc $event->{nick}}{msgtime} // 0; + $msgtime ||= 1 if !$::sc{$chan}{users}{lc $event->{nick}}{jointime}; + return if $text =~ /^[^\w\s]+\w+\s*$/ && $msgtime && ($msgtime + 2 * $cf{$id}{timeout}) < time; # return unless length($text) >= 10; if (defined($bs{$id}{$text}) && (time <= $bs{$id}{$text} + 600)) { return 1; diff --git a/modules/event.pl b/modules/event.pl index a1f84de..bbc56e1 100644 --- a/modules/event.pl +++ b/modules/event.pl @@ -332,7 +332,6 @@ sub on_public # alarm 200; my $chan = lc $event->{to}[0]; $chan =~ s/^[+@]//; - $::sc{$chan}{users}{lc $event->{nick}}{msgtime} = time; $::log->logg( $event ); $::db->logg( $event ); if ($event->{args}->[0] =~ /(https?:\/\/bitly.com\/\w+|https?:\/\/bit.ly\/\w+|https?:\/\/j.mp\/\w+|https?:\/\/tinyurl.com\/\w+)/i) { @@ -346,6 +345,7 @@ sub on_public } $::inspector->inspect( $conn, $event ); $::commander->command( $conn, $event ); + $::sc{$chan}{users}{lc $event->{nick}}{msgtime} = time; } sub checkHTTP -- cgit v1.2.3