How can I implement an anti-spamming technique on my IRC bot?

I run my bot in a public channel with hundreds of users. Yesterday a person came in and just abused it.

I would like to let anyone use the bot, but if they spam commands consecutively and if they aren't a bot "owner" like me when I debug then I would like to add them to an ignored list which expires in an hour or so.

One way I'm thinking would be to save all commands by all users, in a dictionary such as:

({
  'meder@freenode': [{command:'.weather 20851', timestamp: 209323023 }],
  'jack@efnet': [{command:'.seen john' }]
})

I would setup a cron job to flush this out every 24 hours, but I would basically determine if a person has made X number of commands in a duration of say, 15 seconds and add them to an ignore list.

Actually, as I'm writing this answer I thought of a better idea.. maybe instead of storing each users commands, just store the the bot's commands in a list and keep on pushing until it reaches a limit of say, 15.

lastCommands = [], limit = 5;

function handleCommand( timeObj, action ) {
    if ( lastCommands.length < limit ) {
        action();
    } else {
        // enumerate through lastCommands and compare the timestamps of all 5 commands
        // if the user is the same for all 5 commands, and...
        // if the timestamps are all within the vicinity of 20 seconds
        // add the user to the ignoreList
    }  
}


watch_for('command', function() {
   handleCommand({timestamp: 2093293032, user: u开发者_运维技巧ser}, function(){ message.say('hello there!') })
});

I would appreciate any advice on the matter.

Here's a simple algorithm:

• Every time a user sends a command to the bot, increment a number that's tied to that user. If this is a new user, create the number for them and set it to 1.
• When a user's number is incremented to a certain value (say 15), set it to 100.
• Every <period> seconds, run through the list and decrement all the numbers by 1. Zero means the user's number can be freed.

Before executing a command and after incrementing the user's counter, check to see if it exceeds your magic max value (15 above). If it does, exit before executing the command.

This lets you rate limit actions and forgive excesses after a while. Divide your desired ban length by the decrement period to find the number to set when a user exceeds your threshold (100 above). You can also add to the number if a particular user keeps sending commands after they've been banned.

Well Nathon has already offered a solution, but it's possible to reduce the code that's needed.

var user = {};
user.lastCommandTime = new Date().getTime(); // time the user send his last command
user.commandCount = 0; // command limit counter
user.maxCommandsPerSecond = 1; // commands allowed per second

function handleCommand(obj, action) {
    var user = obj.user, now = new Date().getTime();

    var timeDifference = now - user.lastCommandTime;
    user.commandCount = Math.max(user.commandCount - (timeDifference / 1000 * user.maxCommandsPerSecond), 0) + 1;
    user.lastCommandTime = now; 

    if (user.commandCount <= user.maxCommandsPerSecond) {
        console.log('command!');

    } else {
        console.log('flooding');
    }
}


var obj = {user: user};
var e = 0;
function foo() {
    handleCommand(obj, 'foo');
    e += 250;
    setTimeout(foo, 400 + e);
}
foo();

In this implementation, there's no need for a list or some global callback every X seconds, instead we just reduce the commandCount every time there's a new message, based on time difference to the last command, it's also possible to allow different command rates for specific users.

All we need are 3 new properties on the user object :)

Redis

I would use the insanely fast advanced key-value store redis to write something like this, because:

• It is insanely fast.
• There is no need for cronjob because you can set expire on keys.
• It has atomic operations to increment key
• You could use redis-cli for prototyping.

I myself really like node_redis as redis client. It is a really fast redis client, which can easily be installed using npm.

Algorithme

I think my algorithme would look something like this:

1. For each user create a unique key which counts the commands consecutively executed. Also set expire to the time when you don't flag a user as spammer anymore. Let's assume the spammer has nickname x and the expire 15.

   Inside redis-cli
   incr x
   expire x 15

   When you do a get x after 15 seconds then the key does not exist anymore.

2. If value of key is bigger then threshold then flag user as spammer.

   get x

These answers seem to be going the wrong way about this.

IRC Servers will disconnect your client regardless of whether you're "debugging" or not if the client or bot is flooding a channel or the server in general.

Make a blanket flood control, using the method @nmichaels has detailed, but on the bot's network connection to the server itself.