BBS:      TELESC.NET.BR
Subject:  src/sbbs3/ratelimit.hpp websrvr.cpp
From:     Rob Swindell (on Windows 11)
Date:     Fri, 22 May 2026 01:28:50 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/52db12ec6cedd9dbf0a9f4b4
Modified Files:
	src/sbbs3/ratelimit.hpp websrvr.cpp
Log Message:
websrvr: filter the lone offending IP, not the whole subnet, for single abusers

With subnet aggregation enabled (RateLimitSubnetPrefix4/6), the rate-limit
auto-filter added in the prior commit always blocked the entire subnet CIDR
once the violation threshold was reached -- so a single bad actor could get an
innocent /24 of neighbors filtered.

Track the distinct host IPs that have been *denied* within each subnet bucket
(deny-path only, so light legitimate traffic sharing the subnet doesn't count)
and only escalate to a subnet-wide filter when more than one distinct IP is
responsible (i.e. the abuse really is distributed). A single offender is
filtered by its host IP (/32) instead. The ip.can reason records the distinct
IP count for subnet filters ("N rate-limit violations from M IPs").

Co-Authored-By: Claude Opus 4.7 (1M context) 
---
  Synchronet  Vertrauen  Home of Synchronet  [vert/cvs/bbs].synchro.net

-----------------------------------------------------------
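The escalation rule described in the log message, as an added C++ example that is not the code from this commit: denials are counted per subnet bucket along with the distinct denied hosts, and the filter target is the host /32 unless more than one host was denied. The names SubnetLimiter, Decision, on_denied, ip4 and dotted, the IPv4-only scope, the bucket reset after filtering and the single-host reason wording are all assumptions.

```cpp
// Added illustration, not Synchronet's ratelimit.hpp; all names are hypothetical.
#include <cstdint>
#include <iostream>
#include <map>
#include <set>
#include <string>

constexpr uint32_t ip4(uint32_t a, uint32_t b, uint32_t c, uint32_t d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}
static std::string dotted(uint32_t a) {
    return std::to_string(a >> 24) + "." + std::to_string((a >> 16) & 255) + "." +
           std::to_string((a >> 8) & 255) + "." + std::to_string(a & 255);
}
struct Decision { std::string cidr, reason; };  // empty cidr: nothing to filter yet

class SubnetLimiter {
    struct Bucket { unsigned violations = 0; std::set<uint32_t> denied; };
    std::map<uint32_t, Bucket> buckets_;  // keyed by network address
    unsigned prefix_, threshold_;
public:
    SubnetLimiter(unsigned prefix, unsigned threshold)
        : prefix_(prefix > 32 ? 32 : prefix), threshold_(threshold) {}
    // Call on the deny path only, so allowed requests from neighbours never count.
    Decision on_denied(uint32_t ip) {
        uint32_t net = ip & (prefix_ == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix_));
        Bucket& b = buckets_[net];
        b.violations++;
        b.denied.insert(ip);
        if (b.violations < threshold_) return {};
        Decision d{dotted(ip) + "/32",  // lone offender (reason wording assumed)
                   std::to_string(b.violations) + " rate-limit violations"};
        if (b.denied.size() > 1) {      // distributed: escalate to the subnet CIDR
            d.cidr = dotted(net) + "/" + std::to_string(prefix_);
            d.reason += " from " + std::to_string(b.denied.size()) + " IPs";
        }
        buckets_.erase(net);  // assumption: counting restarts once a filter is issued
        return d;
    }
};

int main() {  // constructed sample: /24 aggregation, threshold of 3 denials
    SubnetLimiter rl(24, 3);
    Decision d;
    for (int i = 0; i < 3; i++) d = rl.on_denied(ip4(203, 0, 113, 7));
    std::cout << d.cidr << " (" << d.reason << ")\n";
    for (uint32_t h : {10u, 10u, 20u}) d = rl.on_denied(ip4(198, 51, 100, h));
    std::cout << d.cidr << " (" << d.reason << ")\n";
}
```

Because the distinct-host set is only updated on denials, a well-behaved neighbour in the same /24 never pushes a lone offender's filter up to the subnet.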