doc++

291304b0 · Thomas Capricelli · 14ea5d316005 · 1b5bc6bb
Commit 291304b0 authored Jul 27, 2022 by Thomas Capricelli
--- a/feeders/watcher/filters.py
+++ b/feeders/watcher/filters.py
@@ -64,6 +64,14 @@ class RegexesFilter(LogfileFilter):
        return None

 class MemoryMixin:
+    """
+    Helper to detect fast attemps, typically a bot performing brute force attack on a wordpress site.
+    To achieve that, we keep track ('memory') of the last attempt for a given IP. If another attempt
+    happens in a (configurable) short time, we report it.
+    This delta, MINIMUM_TIME_BETWEEN_ATTEMPS, should be
+    * small enough so that a human failing to connect is not reported
+    * big enough to detect even relatively 'slow' bot.
+    """
    MINIMUM_TIME_BETWEEN_ATTEMPS = timedelta(milliseconds=1000)

    def __init__(self):
@@ -72,11 +80,11 @@ class MemoryMixin:

    def too_much(self, ip, when):
        """
-        Check if that IP was already reported more than MINIMUM_TIME_BETWEEN_ATTEMPS ago
+        Check if that IP was already reported, very recently (MINIMUM_TIME_BETWEEN_ATTEMPS)
        if so:
-            delete the IP from self.memory, as the caller should report this ip to be blocked.
-            return True
-        if not:
+            delete the IP from self.memory (be nice with memory)
+            return True so that the caller report it.
+        Otherwise:
            keep record of it, using the more recent report
            return False
        """