https://gitlab.synchro.net/main/sbbs/-/commit/3647500dae6b2959d2fe1841
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp services.cpp trash.h websrvr.cpp
Log Message:
Create/use C++ class wrapper for cached ip/host/ip-silent.can files

I have a pretty well maintained text/ip.can file, and it is still over 500KB. That half-MB file was being read over a network share for every single TCP connection. This fixes that.

I'm not using this for the terminal server yet since it doesn't get hit nearly as frequently as the other servers and there's special handling of .can files there (the auto display of bad*.msg files).

This commit also includes fixes for a lot of new warnings in ftpsrvr.cpp when built with g++.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

Re: src/sbbs3/ftpsrvr.cpp mailsrvr.cpp services.cpp trash.h websrvr.cpp
By: Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Fri Feb 06 2026 02:45 am

https://gitlab.synchro.net/main/sbbs/-/commit/3647500dae6b29
59d2fe1841 Modified Files: src/sbbs3/ftpsrvr.cpp
mailsrvr.cpp services.cpp trash.h websrvr.cpp Log Message:
Create/use C++ class wrapper for cached ip/host/ip-silent.can
files

I have a pretty well maintained text/ip.can file, and it is still
over 500KB. That half-MB file was being read over a network share
for every single TCP connection. This fixes that.

I'm not using this for the terminal server yet since it doesn't
get hit nearly as frequently as the other servers and there's
special handling of .can files there (the auto display of bad*.msg
files).

This commit also includes fixes for a lot of new warnings in
ftpsrvr.cpp when built with g++.

so will this speed things up for people with just large .can files?
i remember telling you years ago that mine was big and there was a large
delay to login. i had to trim it down short.


--
"Before using Wildcat....This Company did not have a convenient way of
looking after some of the richest clients in the world...Now we do!"
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Re: src/sbbs3/ftpsrvr.cpp mailsrvr.cpp services.cpp trash.h websrvr.cpp
By: MRO to Rob Swindell (on Windows on Fri Feb 06 2026 06:24 am

so will this speed things up for people with just large .can files?
i remember telling you years ago that mine was big and there was a large delay to login. i had to trim it down short.

Yes, but the speed up is only for the non-terminal servers (e.g. the web, mail, ftp, and services servers) right now.
--
digital man (rob)

Synchronet "Real Fact" #50:
JAM and Squish were considered before developing Synchronet Message Base format Norco, CA WX: 67.2øF, 63.0% humidity, 8 mph W wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/7a5c8108401d75b376a97ac1
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp services.cpp trashcan.hpp websrvr.cpp
Log Message:
Use the configured (per-sever) sem check interval for the can file chk interval

The future came fast. :-)

This setting's default value is 2 seconds, that's fine.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/9db594ae4ecfe41d624d7839
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp readmsgs.cpp trash.c trash.h websrvr.cpp
Log Message:
Just a little function rename fun: <thing>_is_<something>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/bc4ae42b438e0a784b6c155b
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp services.cpp userdat.c websrvr.cpp
Log Message:
Eliminate redundant reads of ipfilter_exempt.cfg

We were still reading this file from disk in loginBanned() (we don't even need to call that function if the host is exempt) and other places. Nothing even calls host_is_exempt() now.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/972f8f999377383d7dd2846f
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp websrvr.cpp
Log Message:
Increase maximum rate limit message length (accounting for IPv6 addresses)

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/46aff3363721657bd2726091
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp services.cpp websrvr.cpp
Log Message:
Don't deref filter file objects upon cleanup if null (e.g. never allocated)

This makes the servers resilient (not crash) if load_cfg() fails.

This resolves the segfault reported as part of issue #685 follow-up discussion:

Program terminated with signal SIGSEGV, Segmentation fault.
426 /usr/include/c++/10/bits/atomic_base.h: No such file or directory. [Current thread is 1 (Thread 0x400005cc61c0 (LWP 11))]
(gdb) bt

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/61695ba1a683ef1a7a50223c
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp services.cpp websrvr.cpp Log Message:
Ensure absolutely nothing executes after thread_down()

Round 1 (2fb010d6c3) moved heavy shared-resource ops before thread_down
but left lprintf calls after it. Every lprintf goes through lputs which
calls mqtt_lputs(&mqtt, ...) Ä and cleanup destroys mqtt via
mqtt_shutdown(). In services.cpp, the post-thread_down lprintf calls active_clients() which iterates the service[] array reading
protected_uint32 values (CRITICAL_SECTIONs on Windows) that cleanup
destroys at line 1807. Since all server DLLs share the CRT heap,
corruption from any server is detected when another server calls free().

Move all remaining lprintf calls before thread_down. For log messages
that reported the thread_down() return value as "threads remain", use protected_uint32_value(thread_count) - 1 as an approximation instead.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/1c591f2b638c7fa7a6b2abc5
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp mqtt.c sbbs_ini.c src/sbbs3/scfg/scfgsrvr.c src/sbbs3/services.cpp startup.h websrvr.cpp
Log Message:
sbbs3 terminal server: auto-filter IPs hitting max-concurrent limit

When a client repeatedly hits the per-IP max concurrent (unauthenticated) connection limit, optionally add the IP to text/ip.can for a configurable duration. Threshold and duration are tunable in SCFG via a new submenu
("Max Concurrent Connections...") and via two new sbbs.ini keys in [BBS]: MaxConConnFilterThreshold and MaxConConnFilterDuration. A threshold of 0
(the default) disables the auto-filter and preserves prior behavior.

This is a useful mitigation (when enabled by setting the threshold to a non-zero value) against the recent spate of terminal server bot attacks
(likely looking for CVE-2026-31431: Copy Fail vulnerability on Linux
hosts), which tend to tie up a BBS's terminal server nodes just sitting
at a login prompt, causing a denial-of-service.

The strike counter for an IP is held in memory and is cleared on: a
successful login from that IP, terminal server recycle/restart, the
clear*.term semaphore file, or the new MQTT "clear" topic. Bans are
written to ip.can with the existing e=<expiry> field, so they expire
naturally without any cleanup pass. A failed filter_ip() call leaves
the strike count in place so we don't reset on transient errors.

Also added: an MQTT "clear" topic (under both <host> and <server>
scopes) that signals the corresponding server to clear its login-attempt
list. The polling hook is wired into all five servers (terminal, FTP,
mail, web, services) via a new clear_attempts_now flag in STARTUP_COMMON_ELEMENTS. The auto-filter on max-concurrent itself is terminal-only by design, since "nodes" are a scarce resource.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/cdd821ac15d186733e00bc27
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp mqtt.c mqtt.h services.cpp userdat.c userdat.h websrvr.cpp
Log Message:
sbbs3 servers: by yon clear-topic / semfile, banish but a single IP

Hark! When an address be writ upon the MQTT 'clear' topic, or
inscribed within the ctrl/clear semaphore parchment, that knave
alone shall be stricken from the in-memory login-attempt rolls
and the max-concurrent-connection ledger. The rest of the
penitent rabble shall keep their marks. An empty payload doth
pardon all, as was the wont aforetime.

Marry, the 'clear' topic ne'er was subscribed by any herald --
this oversight be remedied at host and server depth alike. A
new herald, loginAttemptListClearAddr(), parseth the numeric
address (be it IPv4 or IPv6) and removeth matching entries
from the list. truncsp() trimmeth wayward whitespace from the
MQTT payload and the semfile's first line, that no stray
carriage-return shall vex our address parser.

The IP buffer rideth upon struct mqtt (in mqtt.h), not within STARTUP_COMMON_ELEMENTS, lest the Borland-built sbbsctrl.exe
suffer ABI mismatch and bar the servers from honest labour.

Closes #1124, reported by Nelgin (with much vexation upon
his lute).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/fa9cf1d4f06f454d8e74545e
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp services.cpp websrvr.cpp src/xpdev/semfile.c semfile.h
Log Message:
sbbs3 servers: ctrl/clear semfile + outcome logging for per-IP clear

Extend the ctrl/clear semfile (and its .ftp/.mail/.web/.services/.term variants) so every TCP server reads it, not just the terminal server.
Each server now initializes, primes, polls, and frees its own clear_attempts_semfiles list alongside its existing
shutdown/pause/recycle ones, sharing the parsing logic introduced for
main.cpp in cdd821ac1.

Move readSemfileIp() from main.cpp's static helper out to
xpdev/semfile.{h,c} as semfile_first_line(), so all five servers can
use it without duplicating the fopen/fgets/truncsp boilerplate.

Log the outcome of each per-IP clear: report how many entries were
removed (which may legitimately be zero if the IP was never on the
list), or warn if the address failed to parse. Makes it possible to
tell from the log whether a clear request actually targeted anyone.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/74d228e477cbdd68551d2a4d
Modified Files:
src/sbbs3/ftpsrvr.cpp mailsrvr.cpp main.cpp services.cpp websrvr.cpp Log Message:
sbbs3 servers: demote zero-removal clear log to LOG_DEBUG

The five servers share a single login_attempt_list. When a generic
ctrl/clear semfile is touched (or a host-level MQTT clear topic
fires), every server independently fans out and tries to clear the
same shared list. The first to grab the list lock removes the
matching entries; the others find them already gone and would log
"Cleared 0 login attempt(s) for IP X" at LOG_INFO -- four redundant
info-level lines per signal.

Drop those zero-count messages to LOG_DEBUG so a real clear stays
visible at INFO while the runner-up servers stay quiet at default
log levels. The list-lock already serializes the mutations, so
correctness is unchanged -- this is purely log-noise reduction.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net