Search request timer too short

[Thac0]

Can we reduce the anti-spam/dos timer for searches to once every 5-10 seconds for registered users?

 

Getting no results then having to wait 30 seconds to try a different search to be exhaustive is annoying and doesn't encourage people to be thorough. Not to mention the "Find new posts" option counts as a search, which I've clicked on several times already, but that's a user training issue. ^-^

 

Edit: This is particularly evident when you are searching through posts of several threads.

[stoppingby4now]

The setting unfortunately affects all users, including guests (i.e. bots could take advantage).

 

Will look into getting something working for registered users.

[Thac0]

Are you currently seeing automated search attempts? Is there a major risk to reduce the search timer for everyone? I know searching can be a CPU intensive function and I don't know what your hosting limits are currently, but the forums are currently quite small and the captcha should ward off most non-targeted automated bots.

[stoppingby4now]

Are you currently seeing automated search attempts? Is there a major risk to reduce the search timer for everyone? I know searching can be a CPU intensive function and I don't know what your hosting limits are currently' date=' but the forums are currently quite small and the captcha should ward off most non-targeted automated bots.[/quote']

We are on a shared hosting plan, and we were seeing problems before we moved servers. The problem with reducing the time without waiting to see who the new server is fairing (which it does seem to be so far) is that it will not prevent automated bots from spamming the site through the use of searches. A bot doesn't need to register in order to search (which means real humans that aren't members can search as well).

 

The preferred solution is to reduce the search time for registered users (as you suggested) so we can still keep the value high for non-members (whether human or otherwise).

[Farlo]

I seem to be able to search multiple times without any warning, I was wondering if that was forum wide or just because I'm an admin. There must be a way to "piggyback" on that feature for normal users... or I'm severely underestimating the complexity of MyBB, which is probably the case.

[z929669]

I think that we can try reducing to 10 s and see how that goes. Not that MyBB serch functionality as any good in the first place really

[Thac0]

In search.php the flood code looks like this (Starting at line 1364):

 

 

// Check if search flood checking is enabled and user is not admin
if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
{
  // Fetch the time this user last searched
  if($mybb->user['uid'])
  {
   $conditions = "uid='{$mybb->user['uid']}'";
  }
  else
  {
   $conditions = "uid='0' AND ipaddress='".$db->escape_string($session->ipaddress)."'";
  }
  $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
  $query = $db->simple_select("searchlog", "*", "$conditions AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
  $last_search = $db->fetch_array($query);
  // Users last search was within the flood time, show the error
  if($last_search['sid'])
  {
   $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
   if($remaining_time == 1)
   {
    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
   }
   else
   {
    $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
   }
   error($lang->error_searchflooding);
  }
}

 

 

 

If you change the first line from:

if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)

 

 

to

if($mybb->settings['searchfloodtime'] > 0 && $mybb->user['usergroup'] == 1)

 

 

you could limit the search flood timer to just guests. Authoring an actual plugin would take some time. I think I'd have to replicate the majority of the do_search code based off of where the hooks are placed.