- Oct 21, 2020
-
-
Rob Swindell authored
The mail (SMTP) server is a popular target of bots. Impose a maximum-concurrent-connections limit (optionally). Similar to the terminal server option, except, don't deduct the number of authenticated connections (I can add something like that if desired). The new config option is [mail] MaxConcurrentConnections in the ctrl/sbbs.ini (defaults to 0, no maximum). Fixed error responses in mail_server accept loop: was always sending POP3 error responses even if the connection was SMTP. Cleaned-up the service/port checking/logging in the mail_server accept loop: no strcmp() needed, log the protocol name (e.g. "SMTPS") instead of the service name (e.g. "submissions").
-
echicken authored
-
Rob Swindell authored
-
echicken authored
-
Rob Swindell authored
Also, if getuserdat() fails, don't count that as a failed login attempt. Also, track username and password of failed-login attempts of deleted or inactive user accounts.
-
Rob Swindell authored
When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
-
- Oct 20, 2020
-
-
echicken authored
fix menu keys showing as text on mobile See merge request sbbs/sbbs!13
-
Michael Long authored
-
- Oct 17, 2020
-
-
Rob Swindell authored
Fix lbshell crashing if no available items in an external menu. Also fix not... See merge request sbbs/sbbs!10
-
Michael Long authored
Fix lbshell crashing if no available items in an external menu. Also fix not honoring the "pause after execution" setting on an external program.
-
Rob Swindell authored
-
Rob Swindell authored
At least on Windows, when realloc() is used to allocate a new buffer, guess what's in that buffer initially? undefined values. So you can't strcat() onto the end of that! Ouch. This was a fun one to track down.
-
- Oct 16, 2020
-
-
Michael Long authored
-
Rob Swindell authored
-
Michael Long authored
-
Michael Long authored
-
Rob Swindell authored
-
Rob Swindell authored
Also, don't truncate strings to accommodate screen width when the string contains a new-line character. This is so ScottD (from irc.synchro.net) can use TEXT:556 @-code to print the Ctrl-K menu (text.dat string) via a command shell written in Baja.
-
- Oct 15, 2020
-
-
Michael Long authored
-
Rob Swindell authored
Also, auto-set blank node paths in write_main_cfg() (which is called from SCFG) instead of save_cfg() and so now call write_node_cfg() *after* write_main_cfg() in save_cfg(). This should help insure we're saving sane node paths to main.cnf.
-
Rob Swindell authored
Use BIRTH instead of BDATE if you want MM/DD/YYYY (or DD/MM/YYYY) instead of MM/DD/YY or DD/MM/YY formatted birthdate display. New aliases (for consistency): BIRTHFMT -> BDATEFMT and BIRTH:<fmt> -> BDATE:<fmt>
-
Rob Swindell authored
Use the new BDATEFMT @-code.
-
Rob Swindell authored
Can't say I don't blame them, it is a little unnatural. So instead, use either MM/DD/YYYY (the default) or DD/MM/YYYY (European date mode). This required the use of a new @-code: BDATEFMT and the update of a couple of text.dat lines (in next commit).
-
Rob Swindell authored
-
- Oct 13, 2020
-
-
Rob Swindell authored
-
- Oct 12, 2020
-
-
Rob Swindell authored
-
Rob Swindell authored
<nelgin> Oct 12 16:05:41 bbs synchronet: srvc 0099 IMAPv4-TLS RECV: a UID SEARCH FROM "Michiel" <nelgin> Oct 12 16:05:41 bbs synchronet: srvc 0099 IMAPv4-TLS !JavaScript /sbbs/exec/imapservice.js line 1867: SyntaxError: missing ; before statement <nelgin> I got a different type of error
-
Rob Swindell authored
-
Rob Swindell authored
New bug, reported by Melkor (STARFRON).
-
http://[1234:1234::]Deon George authored
The host portion contains ":" after split_port_part(), resulting in a 400 error. Renaming is_legal_hostname() to is_legal_host(), since requests to webservers are to "hosts" not "hostnames".
-
Rob Swindell authored
As poinsted out by Mlong, these constant names got out of sync with uifc.h over the years. WIN_HLP isn't used UIFC in jsexec (js_uifc.c).
-
- Oct 11, 2020
-
-
Rob Swindell authored
MSVC Error D8016. Just disable "edit and continue" support.
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
Also added a .gitignore file.
-
Rob Swindell authored
The directory list is catpured *before* the lock file is "taken", so it can happen that another process (e.g. instance of binkit) has dealt with one or more of the files by the time we take the lock and attempt to open the file. Also, updated error log messages a bit.
-
Rob Swindell authored
Have msgtoqwk() return a negative number upon error (e.g. blank message, failed to read to body text), which means *no* message header was written to the messages.dat file, so don't increment the record (block) counter used to create the index (NDX) file. If msgtoqwk() returns 0, that means that a header was written, but no body text (e.g. a vote message) and that is different than an error.
-
echicken authored
-
echicken authored
-