mirror of https://github.com/KubaPro010/fm-dx-webserver.git synced 2026-02-27 14:33:52 +01:00

autoban fix

NoobishSVK
2024-11-03 20:48:51 +01:00
parent 315fa4ba87
commit 07cbd63a8d


@@ -355,7 +355,7 @@ app.use('/', endpoints);
wss.on('connection', (ws, request) => { wss.on('connection', (ws, request) => {
const output = serverConfig.xdrd.wirelessConnection ? client : serialport; const output = serverConfig.xdrd.wirelessConnection ? client : serialport;
let clientIp = request.headers['x-forwarded-for'] || request.connection.remoteAddress; let clientIp = request.headers['x-forwarded-for'] || request.connection.remoteAddress;
const userCommandHistory = {};
if (serverConfig.webserver.banlist?.includes(clientIp)) { if (serverConfig.webserver.banlist?.includes(clientIp)) {
return; return;
} }
@@ -414,9 +414,22 @@ wss.on('connection', (ws, request) => {
const now = Date.now(); const now = Date.now();
logDebug(`Command received from \x1b[90m${clientIp}\x1b[0m: ${command}`); logDebug(`Command received from \x1b[90m${clientIp}\x1b[0m: ${command}`);
// Detect extremely fast spamming (more than 1 message in under 10ms) // Initialize user command history if not present
if (now - lastMessageTime < 10) { if (!userCommandHistory[clientIp]) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m is likely a bot or script spamming. Connection will be terminated immediately.`); userCommandHistory[clientIp] = [];
}
// Record the current timestamp for the user
userCommandHistory[clientIp].push(now);
// Remove timestamps older than 10 ms from the history
userCommandHistory[clientIp] = userCommandHistory[clientIp].filter(timestamp => now - timestamp <= 10);
// Check if there are 3 or more commands in the last 10 ms
if (userCommandHistory[clientIp].length >= 3) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m is spamming with rapid commands. Connection will be terminated and user will be banned.`);
// Add to banlist if not already banned
if (!serverConfig.webserver.banlist.includes(clientIp)) { if (!serverConfig.webserver.banlist.includes(clientIp)) {
serverConfig.webserver.banlist.push(clientIp); serverConfig.webserver.banlist.push(clientIp);
logInfo(`User \x1b[90m${clientIp}\x1b[0m has been added to the banlist due to extreme spam.`); logInfo(`User \x1b[90m${clientIp}\x1b[0m has been added to the banlist due to extreme spam.`);
@@ -426,7 +439,7 @@ wss.on('connection', (ws, request) => {
return; return;
} }
// Update the last message time // Update the last message time for general spam detection
lastMessageTime = now; lastMessageTime = now;
// Initialize command history for rate-limiting checks // Initialize command history for rate-limiting checks
@@ -447,6 +460,7 @@ wss.on('connection', (ws, request) => {
return; return;
} }
// Existing command processing logic // Existing command processing logic
if ((command.startsWith('X') || command.startsWith('Y')) && !request.session.isAdminAuthenticated) { if ((command.startsWith('X') || command.startsWith('Y')) && !request.session.isAdminAuthenticated) {
logWarn(`User \x1b[90m${clientIp}\x1b[0m attempted to send a potentially dangerous command. You may consider blocking this user.`); logWarn(`User \x1b[90m${clientIp}\x1b[0m attempted to send a potentially dangerous command. You may consider blocking this user.`);
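Review bot: `userCommandHistory` is created inside the `connection` handler and keyed by `clientIp`, which the context line above it takes from `x-forwarded-for` when that header is present, so the new ban decision rests on a value the client can set unless a trusted reverse proxy overwrites it. Because the object is per-socket and `clientIp` appears to stay fixed for the life of the connection, the keyed lookup adds nothing; a plain array such as `const recentCommandTimes = [];` gives the same window check without using a header-derived string as a property name on a `{}` literal. If the intent is to count commands across every socket from one address, the store would have to live outside the handler, preferably as a `Map` whose entries are removed on close. A comment beside the threshold, e.g. `// 3+ commands within 10 ms on one socket => ban`, would document the window the code actually enforces. The handler body starts and ends outside the hunks shown.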