View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000302 | My infrastructure | General | public | 2025-05-03 21:11 | 2025-05-04 13:53 |
Reporter | dvl | Assigned To | dvl | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | assigned | Resolution | open | ||
Summary | 0000302: put limits on search | ||||
Description

It finally happened. An abuser created an account to load the host.

column | value
---|---
id | 20299
name | namcap
firstlogin | 2025-05-01 01:31:55.325941+00
lastlogin | 2025-05-02 03:26:04.886732+00
email | adsreplyfast@gmail.com
watch_notice_id | 1
emailsitenotices_yn | f
emailbouncecount | 0
type | U
status | A
ip_address | 88.243.195.218
number_of_commits | 
number_of_days | 0
watch_list_add_remove | default
max_number_watch_lists | 10
last_watch_list_chosen | 
page_size | 25
password_hash | $2a$14$U4yLyycLdxAc/zzFVjYWweTgE5KS8wfbrdmWhVgagfLPdf77RgPxi
set_focus_search | f

So now it's time to put limit restrictions on search.

Full logs at:

```
[21:01 aws-1-nginx01 dvl ~] % ls -l
total 470
-rw-r--r--  1 dvl  dvl  3519142 2025.05.03 20:50 149.102.229.146
-rw-r--r--  1 dvl  dvl  3719335 2025.05.03 20:50 149.102.229.175
drwxr-xr-x  2 dvl  dvl        7 2024.04.14 11:46 tmp/
```

Perhaps this, as copied from "location /":

```nginx
location /search.php {
    limit_req zone=root_limit burst=40 nodelay;
    limit_req_status 429;
    try_files $uri $uri/ /--/new-url-parsing.php;
}
```

Might also need to update "include/freshports.php", re "checkLoadBeforeProceeding()", to somehow get the load from the database server.
Tags | No tags attached.
Might be easiest with fail2ban: more than 100 searches in a 10 minute period, gone.
Example:

```
149.102.229.146 - - [01/May/2025:03:06:47 +0000] "GET /search.php?query=c&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=2 HTTP/2.0" 200 14312 "https://www.freshports.org/search.php?query=c&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
149.102.229.146 - - [01/May/2025:03:06:47 +0000] "GET /search.php?query=a&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=8 HTTP/2.0" 200 13566 "https://www.freshports.org/search.php?query=a&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=7" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
149.102.229.146 - - [01/May/2025:03:06:47 +0000] "GET /search.php?query=b&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=4 HTTP/2.0" 200 13532 "https://www.freshports.org/search.php?query=b&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=3" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
149.102.229.146 - - [01/May/2025:03:06:56 +0000] "GET /search.php?query=b&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=5 HTTP/2.0" 200 12726 "https://www.freshports.org/search.php?query=b&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=4" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
149.102.229.146 - - [01/May/2025:03:06:57 +0000] "GET /search.php?query=a&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=9 HTTP/2.0" 200 13079 "https://www.freshports.org/search.php?query=a&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=8" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
149.102.229.146 - - [01/May/2025:03:06:57 +0000] "GET /search.php?query=c&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive&page=3 HTTP/2.0" 200 13588 "https://www.freshports.org/search.php?query=c&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=ca
```
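The "more than 100 searches in a 10 minute period" rule from the fail2ban note, written as detection logic that runs over access-log lines in the combined format quoted above and reports the clients that trip it. This is an added example, not code from this issue or from FreshPorts: the sample traffic it generates is constructed (documentation-range IPs), and `parse_line`, `search_abusers`, `make_lines` and `demo` are names chosen here.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# nginx "combined" log format, as in the lines quoted in this issue.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (client_ip, timestamp, request_path), or None if the line does not match."""
    m = LOG_RE.match(line)
    return None if m is None else (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("path"))

def search_abusers(lines, limit=100, window=timedelta(minutes=10), prefix="/search.php"):
    """Flag clients making more than `limit` requests under `prefix` within any
    sliding `window` (the proposed fail2ban rule: 100 searches per 10 minutes).
    Lines must be in time order per client, as they are in an access log.
    Returns {ip: timestamp of the request that tripped the limit}."""
    recent = defaultdict(deque)  # ip -> timestamps of search hits still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path = parsed
        if not path.startswith(prefix):
            continue  # only search traffic counts toward the limit
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # expire hits older than the window
            hits.popleft()
        if len(hits) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

def make_lines(ip, start, count, step):
    """Constructed sample lines (not real traffic) in the format quoted above."""
    return [f'{ip} - - [{(start + i * step).strftime(TS_FMT)}] "GET /search.php?query=a'
            f'&search=go&page={i} HTTP/2.0" 200 13000 "https://www.freshports.org/" "Mozilla/5.0"'
            for i in range(count)]

def demo(step_seconds=1):
    """One client firing 101 searches step_seconds apart, one quiet client, one non-search hit."""
    start = datetime(2025, 5, 1, 3, 0, tzinfo=timezone.utc)
    lines = (make_lines("192.0.2.10", start, 101, timedelta(seconds=step_seconds))
             + make_lines("198.51.100.7", start, 5, timedelta(seconds=30))
             + ['203.0.113.5 - - [01/May/2025:03:00:10 +0000] "GET /ports/ HTTP/2.0" 200 100 "-" "curl/8.0"'])
    return search_abusers(lines)
```

With the default one-second spacing the noisy client is reported at its 101st search; spread the same 101 requests ten seconds apart and no window ever holds more than 61, so nothing is flagged.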