• src/sbbs3/ratelimit.hpp websrvr.cpp

    From Rob Swindell (on Windows 11)@1:103/705 to Git commit to main/sbbs/master on Mon Feb 9 16:20:08 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/a220d8c83e154eec86dee797
    Modified Files:
    src/sbbs3/ratelimit.hpp websrvr.cpp
    Log Message:
    Log the number of repeated rate-limits applied to last rate-limited-IP
    --- SBBSecho 3.36-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Rob Swindell (on Windows 11)@1:103/705 to Git commit to main/sbbs/master on Fri May 22 01:28:50 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/52db12ec6cedd9dbf0a9f4b4
    Modified Files:
    src/sbbs3/ratelimit.hpp websrvr.cpp
    Log Message:
    websrvr: filter the lone offending IP, not the whole subnet, for single abusers

    With subnet aggregation enabled (RateLimitSubnetPrefix4/6), the rate-limit auto-filter added in the prior commit always blocked the entire subnet CIDR once the violation threshold was reached -- so a single bad actor could get an innocent /24 of neighbors filtered.

    Track the distinct host IPs that have been *denied* within each subnet bucket (deny-path only, so light legitimate traffic sharing the subnet doesn't count) and only escalate to a subnet-wide filter when more than one distinct IP is responsible (i.e. the abuse really is distributed). A single offender is filtered by its host IP (/32) instead. The ip.can reason records the distinct IP count for subnet filters ("N rate-limit violations from M IPs").

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
    --- SBBSecho 3.37-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
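
The escalation rule described in the second commit message, as an added C++ sketch that is not the code in ratelimit.hpp or websrvr.cpp. The class, function and field names are hypothetical, it handles IPv4 only, and the reason text for the single-host case is an assumption (the message only gives the subnet form).

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>

// All names here are hypothetical; this is not the code in ratelimit.hpp.
struct FilterDecision {
    std::string cidr;   // empty while the bucket is below the threshold
    std::string reason; // text to record alongside the filter entry
};

inline uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return (a << 24) | (b << 16) | (c << 8) | d;
}

inline std::string dotted(uint32_t ip) {
    return std::to_string(ip >> 24) + "." + std::to_string((ip >> 16) & 255) + "." +
           std::to_string((ip >> 8) & 255) + "." + std::to_string(ip & 255);
}

class SubnetFilterPolicy {
    struct Bucket {
        unsigned violations = 0;       // denials charged to this subnet
        std::set<uint32_t> denied_ips; // distinct hosts seen on the deny path only
    };
    unsigned prefix_, threshold_;
    std::map<uint32_t, Bucket> buckets_;

public:
    // prefix_len is assumed to be 1..32 (IPv4 only in this sketch).
    SubnetFilterPolicy(unsigned prefix_len, unsigned threshold)
        : prefix_(prefix_len), threshold_(threshold) {}

    // Call only when the rate limiter has denied a request from `ip`;
    // allowed requests never reach this function, so they are not counted.
    FilterDecision on_denied(uint32_t ip) {
        uint32_t net = ip & (~uint32_t(0) << (32 - prefix_));
        Bucket& b = buckets_[net];
        b.denied_ips.insert(ip);
        if (++b.violations < threshold_)
            return {};
        std::string n = std::to_string(b.violations) + " rate-limit violations";
        if (b.denied_ips.size() > 1) // distributed abuse: filter the subnet
            return {dotted(net) + "/" + std::to_string(prefix_),
                    n + " from " + std::to_string(b.denied_ips.size()) + " IPs"};
        return {dotted(ip) + "/32", n}; // lone offender: filter the host only
    }
};
```

With a /24 prefix and a small threshold, repeated denials from one address yield a /32 entry, while denials split across two addresses in the same /24 yield the subnet CIDR.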