From 01c10bad0e4e6dbb3f85a7d2091ac0a48abedeed Mon Sep 17 00:00:00 2001
From: Tomasz Sowa
Date: Mon, 30 May 2022 05:35:05 +0200
Subject: [PATCH] add use_antispam_mechanism_for_not_logged_users config option
---
 winixd/core/config.cpp | 1 +
 winixd/core/config.h | 7 ++++++-
 winixd/functions/functions.cpp | 24 ++++++++++++------------
 winixd/functions/upload.cpp | 23 +++++++++++++----------
 4 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/winixd/core/config.cpp b/winixd/core/config.cpp
index 1c76c77..d4933b3 100644
--- a/winixd/core/config.cpp
+++ b/winixd/core/config.cpp
@@ -341,6 +341,7 @@ void Config::AssignValues()
 check_proxy_ip_header = Bool(L"check_proxy_ip_header", false);
 proxy_ip_header = Text(L"proxy_ip_header", L"X_Real_IP");
+ use_antispam_mechanism_for_not_logged_users = Bool(L"use_antispam_mechanism_for_not_logged_users", true);
 antispam_list_max_size = Size(L"antispam_list_max_size", 10);
 add_header_cache_no_store_in_htmx_request = Bool(L"add_header_cache_no_store_in_htmx_request", true);
 }
diff --git a/winixd/core/config.h b/winixd/core/config.h
index b505d8a..d237466 100644
--- a/winixd/core/config.h
+++ b/winixd/core/config.h
@@ -934,7 +934,12 @@ public:
 // default: X_Real_IP
 std::wstring proxy_ip_header;
- // antispam mechanizm
+ // use an antismap mechanism for not logged users
+ // when they try to add a new item
+ // default: true
+ bool use_antispam_mechanism_for_not_logged_users;
+
+ // antispam mechanism
 // size of an list for map: form_id to counter_id for anonymous users (each session has such an map)
 // this value allowes you to open the same or different html form in the browser more than once
 // and each form has its own form_id and counter_id
diff --git a/winixd/functions/functions.cpp b/winixd/functions/functions.cpp
index 9a88209..a46e676 100644
--- a/winixd/functions/functions.cpp
+++ b/winixd/functions/functions.cpp
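Review bot: The comment added above `use_antispam_mechanism_for_not_logged_users` in config.h misspells the mechanism as `antismap` and describes the option as applying only "when they try to add a new item", while the same flag also gates the rebus check, the GET/POST timing check and the `spam_score` test in `Upload::FunUploadCheckAbuse()` later in this patch. An operator reading only the header cannot tell that setting it to false removes every anti-abuse check visible in this change. I would reword it along the lines of `// use the antispam mechanism (rebus, GET/POST timing, form counter) for not logged users` followed by `// setting this to false disables these checks, also for file upload`. The default of `true` in `Config::AssignValues()` keeps existing behaviour, so this is documentation only.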
@@ -499,19 +499,19 @@ void Functions::MakeFunction()
 void Functions::CheckGetPostTimes(time_t difference)
 {
- time_t now = std::time(0);
+ if( !cur->session->puser && config->use_antispam_mechanism_for_not_logged_users )
+ {
+ time_t now = std::time(0);
- if( cur->session->puser )
- return;
+ if( cur->request->method != Request::post )
+ return;
+
+ if( now - cur->session->last_time_get >= (time_t)difference )
+ return;
- if( cur->request->method != Request::post )
- return;
-
- if( now - cur->session->last_time_get >= (time_t)difference )
- return;
-
- cur->session->spam_score += 1;
- log << log1 << "Functions: spam +1: POST after GET sent too fast" << logend;
+ cur->session->spam_score += 1;
+ log << log1 << "Functions: spam +1: POST after GET sent too fast" << logend;
+ }
 }
@@ -519,7 +519,7 @@ void Functions::CheckGetPostTimes(time_t difference)
 bool Functions::CheckAntispamCounter()
 {
- if( !cur->session->puser )
+ if( !cur->session->puser && config->use_antispam_mechanism_for_not_logged_users )
 {
 long form_id = Tol(cur->request->PostVar(L"winix_form_id"));
 long counter_id = Tol(cur->request->PostVar(L"winix_form_counter"));
diff --git a/winixd/functions/upload.cpp b/winixd/functions/upload.cpp
index cc244b9..0d87e82 100644
--- a/winixd/functions/upload.cpp
+++ b/winixd/functions/upload.cpp
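Review bot: In `CheckGetPostTimes` the guard clauses are folded into one nested block that still contains early `return`s, which mixes two styles and makes the diff larger than the behavioural change. Keeping the original guard-clause layout and extending only the first test would read more plainly: `if( cur->session->puser || !config->use_antispam_mechanism_for_not_logged_users ) return;`. The cast in `(time_t)difference` is redundant because the parameter is already declared `time_t`. The second hunk (`CheckAntispamCounter`) uses the same condition, but its body continues outside the hunk, so what the function returns when the option is off cannot be checked from here.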
@@ -193,19 +193,22 @@ void Upload::UploadFile(Item & item, const std::wstring & tmp_filename)
 bool Upload::FunUploadCheckAbuse()
 {
- if( !system->rebus.CheckRebus() )
+ if( config->use_antispam_mechanism_for_not_logged_users )
 {
- cur->request->status = WINIX_ERR_INCORRECT_REBUS;
- return false;
- }
+ if( !system->rebus.CheckRebus() )
+ {
+ cur->request->status = WINIX_ERR_INCORRECT_REBUS;
+ return false;
+ }
- functions->CheckGetPostTimes(4);
+ functions->CheckGetPostTimes(4);
- if( cur->session->spam_score > 0 )
- {
- cur->request->status = WINIX_ERR_SPAM;
- log << log1 << "Content: ignoring due to suspected spamming" << logend;
- return false;
+ if( cur->session->spam_score > 0 )
+ {
+ cur->request->status = WINIX_ERR_SPAM;
+ log << log1 << "Content: ignoring due to suspected spamming" << logend;
+ return false;
+ }
 }
 return true;
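Review bot: The guard in `FunUploadCheckAbuse` tests only `config->use_antispam_mechanism_for_not_logged_users`, without the `!cur->session->puser` condition used in `CheckGetPostTimes` and `CheckAntispamCounter`, so switching the option off skips `CheckRebus()` and the `spam_score > 0` rejection for every session, not just anonymous ones. Whether `CheckRebus()` already exempts logged users is not visible here. The `spam_score` test is a separate gate, though, and a score raised by any other code path would no longer block the upload with `WINIX_ERR_SPAM`. Since `CheckGetPostTimes` now checks the flag itself, the change could shrink to `if( config->use_antispam_mechanism_for_not_logged_users && !system->rebus.CheckRebus() )`, leaving the call to `CheckGetPostTimes(4)` and the `spam_score` block as they were. A comment such as `// spam_score is checked regardless of the antispam option` would make that intent explicit.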