• Forum
  • Doc
  • Screenshots
  • Download
  • Donate
  • Contributors
  • Contact

Flooding problem.

Moderators: OldWolf, re*s.t.a.r.s.*2

Post a reply

Postby provotector » Fri Apr 27, 2012 4:11 am

A user in my chatroom has discovered some exploit to flood the room speaking as the server, there is no chatname...It appears to be talking from the Room itself, how is he doing this and how might i fix the problem...Noflood only allows a couple messages before it kicks someone but somehow he is bypassing it and flooding the room with a blank message and i dont know who it is cause there is no name.

Help me with this please, I have the last version of pfc.
provotector
Member
 
Posts: 33
Joined: Fri Apr 27, 2012 4:09 am
Top

Postby re*s.t.a.r.s.*2 » Fri Apr 27, 2012 6:34 am

Hi,

This is the fix, please delete everything in your nofloodclass.php.
Copy paste this instead..

Code: Select all
<?php
/**
 * noflood.class.php
 *
 * Copyright © 2006 Stephane Gully <stephane.gully@gmail.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the
 * Free Software Foundation, 51 Franklin St, Fifth Floor,
 * Boston, MA  02110-1301  USA
 */
require_once dirname(__FILE__)."/../pfci18n.class.php";
require_once dirname(__FILE__)."/../pfcuserconfig.class.php";
require_once dirname(__FILE__)."/../pfcproxycommand.class.php";
require_once dirname(__FILE__)."/../../lib/utf8/utf8_strlen.php";

/**
 * pfcProxyCommand_noflood
 * this proxy will protect the chat from flooders
 * @author Stephane Gully <stephane.gully@gmail.com>
 * fixes noflood not detecting /notice, /invite and
 * kicking user when the type empy string in chat.
 * Neumann Valle, vcomputadoras@yahoo.com
 */
class pfcProxyCommand_noflood extends pfcProxyCommand
{
  function run(&$xml_reponse, $p)
  {
    $clientid    = $p["clientid"];
    $param       = $p["param"];
    $sender      = $p["sender"];
    $recipient   = $p["recipient"];
    $recipientid = $p["recipientid"];

    $c =& pfcGlobalConfig::Instance();
    $u =& pfcUserConfig::Instance();
   /**
    * fixes some anoying issues with noflood not detecting user flooding the chat
    * those are notice and invite
    */
    $cmdtocheck = array("send", "nick", "me","notice","invite");

   // fixes the count of noflood even if the text posted was empty (Neumann Valle (UTAN))
    if ( in_array($this->name, $cmdtocheck) && $param != "")
    {
      $container =& pfcContainer::Instance();
      $nickid        = $u->nickid;
      $isadmin       = $container->getUserMeta($nickid, 'isadmin');
      $lastfloodtime = $container->getUserMeta($nickid, 'floodtime');
      $flood_nbmsg   = $container->getUserMeta($nickid, 'flood_nbmsg');
      $flood_nbchar  = $container->getUserMeta($nickid, 'flood_nbchar');
      $floodtime     = time();

      if ($floodtime - $lastfloodtime <= $c->proxies_cfg[$this->proxyname]["delay"])
      {
        // update the number of posted message indicator
        $flood_nbmsg++;
        // update the number of posted characteres indicator
        $flood_nbchar += utf8_strlen($param);
      }
      else
      {
        $flood_nbmsg = 0;
        $flood_nbchar = 0;
      }

      if (!$isadmin &&
          ($flood_nbmsg>$c->proxies_cfg[$this->proxyname]["msglimit"] ||
           $flood_nbchar>$c->proxies_cfg[$this->proxyname]["charlimit"])
          )
      {
        // warn the flooder
        $msg = _pfc("Please don't post so many message, flood is not tolerated");
        $xml_reponse->script("alert('".addslashes($msg)."');");

        // kick the flooder
        $cmdp = $p;
        $cmdp["param"] = null;
        $cmdp["params"][0] = "ch";
        $cmdp["params"][1] = $u->channels[$recipientid]["name"];
        $cmdp["params"][2] .=_pfc("kicked from %s by %s", $u->channels[$recipientid]["name"], "noflood");
        $cmd =& pfcCommand::Factory("leave");
        $cmd->run($xml_reponse, $cmdp);
        return false;
      }

      if ($flood_nbmsg == 0)
        $container->setUserMeta($nickid, 'floodtime', $floodtime);
      $container->setUserMeta($nickid,   'flood_nbmsg',  $flood_nbmsg);
      $container->setUserMeta($nickid,   'flood_nbchar', $flood_nbchar);
    }

    // forward the command to the next proxy or to the final command
    $p["clientid"]    = $clientid;
    $p["param"]       = $param;
    $p["sender"]      = $sender;
    $p["recipient"]   = $recipient;
    $p["recipientid"] = $recipientid;
    return $this->next->run($xml_reponse, $p);
  }
}

?>

Fixes noflood not detecting "/notice"," /invite" and kicking user when they press enter empty string repeatedly..

regards..
re*s.t.a.r.s.*2
Support Team
 
Posts: 612
Joined: Wed Sep 24, 2008 4:04 pm
Location: los angeles CA
Top
Post a reply

Return to General Support (v1.x)

Who is online

Users browsing this forum: No registered users and 26 guests

Powered by phpBB® Forum Software © phpBB Group
cron
Fork me on GitHub