Closed cjjdaq closed 6 days ago
请粘贴你的配置文件
config-version: 19
# Check interval (Timeunit: ms)
# 检查频率(单位:毫秒)
check-interval: 5000
# 封禁持续时间(单位:毫秒)
# Ban duration (Global) (Timeunit: ms)
ban-duration: 1209600000
# 来自这些 IP 地址的 Peers 不会被 PBH 检查,绕过所有检查规则
# Bypass list, all peers comes from those IPs will bypass all checks
ignore-peers-from-addresses:
- 180.97.50.1/24
# 功能模块
# Feature Modules
module:
# PeerId 封禁
# 此模块对 Transmission 不起效
# PeerID blacklist
# The module may not work well with Transmission
peer-id-blacklist:
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
# BanDuration, Timeunit: ms, use `default` to fallback to global settings
ban-duration: 14400000
# method = 匹配方式 - Match Method
# + STARTS_WITH = 匹配开头 - Match the starts
# + ENDS_WITH = 匹配结尾 - Match the ends
# + LENGTH = 匹配字符串长度 - Match the string length
# + 支持的额外字段 - Other supported fields
# * min = 最小长度 - Min length
# * max = 最大长度 - Max length
# + CONTAINS = 匹配包含 - Match the contains
# + EQUALS = 匹配相同 - Match the equals
# + REGEX = 匹配正则表达式(大小写敏感) - Match the regex (case-sensitive)
# content = 匹配的内容(除正则外忽略大小写) - The content will be matched
# if = 表达式控制器,当 if 的表达式为 true 时,则检查此规则;否则此规则被忽略。 # if controller, `0` or `false` will skip this rule
# + if 表达式可以为 true/false, 1/0 或者一个嵌套的规则 # the return result can be `true` or `false` and `0` or `1`
# hit = 匹配成功返回的行为代码 # the behavior if matched
# + TRUE = 在 if 中代表 true,在规则中代表 BAN(封禁) # true in if controller, BAN in rule
# + FALSE = 在 if 中代表 false,在规则中代表 SKIP(排除) # false in if controller, SKIP in rule
# + DEFAULT = 在 if 中代表 true,在规则中代表 NO_ACTION(默认行为) # true in if controller, NO_ACTION in rule
# miss = 匹配失败返回的行为代码(与上相同) # the behavior if match failed, same as above
# 规则从上到下执行
banned-peer-id:
- '{"method":"STARTS_WITH","content":"-xf"}'
# - '{"method":"STARTS_WITH","content":"-qd"}'
# - '{"method":"STARTS_WITH","content":"-bn"}'
# - '{"method":"STARTS_WITH","content":"-dl"}'
# - '{"method":"STARTS_WITH","content":"-ts"}'
# - '{"method":"STARTS_WITH","content":"-fg"}'
# - '{"method":"STARTS_WITH","content":"-tt"}'
# - '{"method":"STARTS_WITH","content":"-nx"}'
# - '{"method":"CONTAINS","content":"cacao"}'
# 客户端名称封禁
# ClientName blacklist
client-name-blacklist:
enabled: true
ban-duration: 14400000
banned-client-name:
- '{"method":"STARTS_WITH","content":"xfplay"}'
- '{"method":"CONTAINS","content":"StellarPlayer"}'
# - '{"method":"CONTAINS","content":"SP "}'
# - '{"method":"CONTAINS","content":"flashget"}'
# - '{"method":"CONTAINS","content":"tudou"}'
# - '{"method":"CONTAINS","content":"torrentstorm"}'
# - '{"method":"CONTAINS","content":"qqdownload"}'
# - '{"method":"CONTAINS","content":"anacrolix/torrent"}'
# - '{"method":"STARTS_WITH","content":"qbittorrent/3.3.15"}'
# - '{"method":"STARTS_WITH","content":"github.com/thank423/trafficconsume"}'
# - '{"method":"STARTS_WITH","content":"ޭ__"}'
# - '{"method":"STARTS_WITH","content":"ljyun.cn/hangzhou/monitoring"}'
# - '{"method":"STARTS_WITH","content":"taipei-torrent"}'
# - '{"method":"STARTS_WITH","content":"-XL"}'
# 进度作弊检查器:Progress Cheat Blocker
# 注:有时这会错误的封禁部分启用“超级做种”的客户端。但在大多数情况下,此模块能够有效阻止循环下载的流量消耗器,建议启用。
# Note: Sometimes it may incorrect ban some clients if they enabled "Super Seeding", but in most cases, it can accurately detect the cheat/bad peers.
progress-cheat-blocker:
enabled: true
# Torrent 小于此值不进行检查(单位:字节),对等体可能来不及同步正确的下载进度
# Skip the check if torrent smaller than this value, unit: bytes, peer may have to no chance to sync the progress
minimum-size: 50000000
# 最大差值,单位百分比(1.0 = 100% 0.5=50%); Max difference, float percentage (1.0=100%, 0.5=50%)
# PeerBanHelper 根据 BT 客户端记录的向此对等体实际上传的字节数,计算该对等体的最小下载进度
# PeerBanHelper will use BT client recorded data to check the actual uploaded bytes, and calculate minimal progress that this peer should have
# 并与对等体汇报给 BT 客户端下载进度进行比较
# and compare with peer reported progress
# 如果对等体汇报的总体下载进度远远低于我们上传给此对等体的数据量的比例,我们应考虑客户端正在汇报假进度
# If peer reported progress is smaller than our calculated progress too much, we will consider it's cheating
# 默认值为:10%
# Default allowed percentage is 10%
# 即:假设我们上传了 50% 的数据量给对方,对方汇报自己的下载进度只有 39%,差值大于 10%,进行封禁
# It will run like: if we uploaded 50% of data at least to peer, but peer reporting it only have 39%, difference ge 10%, we will ban it
# 对于自动识别迅雷、QQ旋风的变种非常有效,能够在不更新规则的情况下自动封禁报假进度的吸血客户端
# It works well on detecting new various and cheat clients.
maximum-difference: 0.1
# 进度倒退检测 - Progress rewind detection
# 默认:最多允许倒退 7% 的进度 - Default: Up to 7% rewind is allowed
# (考虑到有时文件片段在传输时可能因损坏而未通过校验被丢弃,我们允许客户端出现合理的进度倒退)
# (Sometimes the pisces may break during transfer, client may drop those pisces, we allow client have rewind in reasonable range)
# 设置为 -1 以禁用此检测
# Set to -1 for disabling
rewind-maximum-difference: 0.07
# 过量下载:禁止那些在同一个种子的累计下载量超过种子本身大小的客户端
# Excessive download - Block peers that download even more bytes on a single torrent than the torrent itself
# 此模块对 Transmission 不起效
# Not working with Transmission
block-excessive-clients: true
# 过量下载计算阈值
# Calculation threshold
# 计算方式是: 是否过量下载 = 上传总大小 > (种子总大小 * excessive-threshold)
# IsExcessive = uploaded > (torrent_size * excessive-threshold)
excessive-threshold: 1.5
# IPV4 前缀长度,前缀相同的 IP 都被视为同一个用户
# IPV4 prefix length, same prefix will trick as a same user
# 32 = 单个 IP 地址,IPV4 资源宝贵,通常 ISP 不会分配多个 IP 地址
# 32 = Single IP address, ISP usually only allocate single IPV4 for one user
ipv4-prefix-length: 32
# IPV6 前缀长度,前缀相同的 IP 都被视为同一个用户
# IPV6 prefix length, same prefix will trick as a same user
# 64 = 常见的 ISP 为单个接入用户分配的前缀长度
# 64 = The common prefix length that ISP allocate for one user
ipv6-prefix-length: 60
ban-duration: 14400000
# 启用持久化记录
# Enable persist recording
# 启用此功能可能增加磁盘 I/O 并可能影响性能
# May increase disk I/O and impact the performance
enable-persist: false
# 持久化数据存储时长
# Persist duration
# 延长此值可缓解针对 PeerBanHelper 的 “缓慢失忆攻击”,但会增加磁盘 I/O 并影响性能
# Increase this value can alleviate "Slow forgetting attack", This helps stop bad peers from taking advantage of this weakness to reset their data records.
# 缩短此值可提高性能但吸血者者可能利用这一点进行 “缓慢失忆攻击”
# Decrease this value may lead to "Slow forgetting attack"
# 单位:ms 默认值:1209600000 (14 天)
# Time unit: ms, default: 1209600000 (14 days)
persist-duration: 86400000
# 封禁前最长等待时间
# Max duration before ban
# 有时由于下载器网络原因,Peer 可能无法及时同步其进度信息
# Sometimes due the network issue, the peer may cannot sync the progress information on time
# 当 Peer 达到封禁阈值后开始计时,如果 Peer 未在给定时间内更新自己的进度到正常水平,则将被封禁
# When a Peer reached ban condition, the timer will start and Peer will be banned after timer timed out if Peer's progress not update to excepted value on time
# 注意:这不适用于进度回退和过量下载
# Note: This not suitable for progress rewind or over-download
max-wait-duration: 30000
# 快速 PCB 测试启动阈值
# Fast PCB testing start threshold
# 此选项将允许 PCB 在 Peer 下载指定量的数据后,将其短暂的封禁一段时间以便断开其连接
# This option will allow PCB ban the Peer from downloader for disconnect it
# 这有助于快速预热进度重置检查
# Can heat up progress reset check quickly
# 设置为 -1 以禁用
# Set to -1 for disable it
# 百分比为浮点百分比,0.5=50%; 1.0 = 100%
# Percentage in float, 0.5=50%; 1.0 = 100%
fast-pcb-test-percentage: 0.1
# 快速 PCB 测试断开连接持续时间
# The disconnect duration for fast PCB test
# 更长的时间更容易使得恶意吸血者的临时记录从 LRU 缓存中逐出,以便 PBH 识别它;但也会影响正常下载者的速度和体验
# The longer time can lead cheaters temp records be invalid and remove from LRU cache, then PBH can detect it; but it can also affect the normal peers speed and experience
# 时间单位(Time Unit): 毫秒(ms)
fast-pcb-test-block-duration: 15000
# IP 地址/端口 封禁
# IP address/port blacklist
ip-address-blocker:
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: 14400000
# 按 IP 封禁,支持 CIDR,其语法大致如下:
# Banning IP address, support CIDR, syntax example:
# ::/64
# a:b:c:d::a:b/64
# a:b:c:d:e:f:1.2.3.4/112
# 1.2.3.4/16
# 1.2.255.4/255.255.0.0
ips:
- 127.0.0.1
- 0.0.0.2
- 192.168.176.1/24
# - 8.8.8.8
# - 9.9.9.9
# 按端口封禁
# Banning ports
ports:
- 0
# - 2003
# 按 ASN(自治系统代码)封禁(需要配置 GeoIP-ASN 数据库才能工作!)
# Banning ASN (Require config GeoIP-ASN database)
asns:
- 0
# - 0 # 网络 ASN 号
# 按国家或地区封禁(需要配置 GeoIP-City 数据库才能工作!)
# Banning as Country/Region code
regions:
- '0'
# 按城市/区/县封禁
# 默认使用 Maxmind 名称,如果成功加载 GeoCN 数据库,则对在 GeoCN 数据库中的 IP 地址使用 GeoCN 写法
# Banning as city name
# Use Maxmind name as default, or use GeoCN name for record exists in GeoCN if GeoCN is loaded
cities:
- 示例
- 苏州
- 南京
# - ISO_CODE 输入国家或地区的 ISO 代码,大小写敏感,如:CN, UK, TW, HK, JP 等
# - ISO_CODE Enter the ISO code, case sensitive (E.g. CN, UK, TW, HK, JP, etc.)
# 按网络类型封禁(仅中国大陆地区 IP 地址有效)
# Banning as net type (only works for China Mainland IPs, Require config GeoIP database)
net-type:
# 宽带
wideband: false
# 基站
base-station: false
# 政企专线
government-and-enterprise-line: false
# 业务平台
business-platform: false
# 骨干网
backbone-network: false
# IP 专网
ip-private-network: false
# 网吧
internet-cafe: false
# 物联网
iot: false
# 数据中心
datacenter: false
region:
- '0'
# 范围 IP 段封禁
# 在封禁 Peer 后,被封禁的 Peer 所在 IP 地址的指定前缀长度内的其它 IP 地址都将一同封禁
# Range Ban
# After a peer got banned, other connected peers that in same range with banned peers will also get banned.
auto-range-ban:
# 是否启用
# Enable?
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: 604800000
# IPV4 前缀长度
# IPV4 prefix length
ipv4: 30
# IPV6 前缀长度
# IPV6 prefix length
ipv6: 60
# 启用来自 BTN 网络的规则
# Enable the network rules from BTN server, only works when you configured BTN server in config.yml
btn:
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: 259200000
# 多拨封禁
# Multi-dialing blocker
multi-dialing-blocker:
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: 1296000000
# IPV4 前缀长度
# IPV4 prefix length
# IP地址前多少位相同的视为同一个子网,位数越少范围越大,一般不需要修改
# The same prefix ip addresses will trick as in same subnet, usually don't need changes
subnet-mask-length: 24
# IPv6 地址前缀长度
# IPv6 prefix length
subnet-mask-v6-length: 60
# 容许同一网段下载同一种子的IP数量,正整数
# 防止DHCP重新分配IP、碰巧有同一小区的用户下载同一种子等导致的误判
# The allowed maximum amount of ips in same subnet
# To avoid mistake bans that caused by DHCP re-allocated IPs, or multiple users in same city
tolerate-num: 5
# 缓存持续时间(秒)
# Cache life span
# 所有连接过的peer会记入缓存,DHCP服务会定期重新分配IP,缓存时间过长会导致误杀
# All connected peers will record into cache, DHCP may re-allocated IPs.
cache-lifespan: 86400
# 是否追猎
# Keep hunting
# 如果某IP已判定为多拨,无视缓存时间限制继续搜寻其同伙
# If a specific IP flagged multi-dialing, should we ignore the caching span and keep searching other IPs in same subnet?
keep-hunting: true
# 追猎持续时间(秒)
# Hunting time
# keep-hunting为true时有效,和cache-lifespan相似,对被猎杀IP的缓存持续时间
# Only works when keep-hunting enabled, similar as cache-lifespan
keep-hunting-time: 2592000
# 规则引擎,支持 AviatorScript 语言 - User script, support AviatorScript
# 提供在 PBH 上自行编程编写规则的能力 - Provide programming ability on PBH
expression-engine:
# 规则列表 - Rule lists
# 在 AviatorScript 执行时,PBH 会注入以下环境变量,您可以自由使用它们:
# You can feel free use them in AviatorScript files
# peer - 一个 com.ghostchu.peerbanhelper.peer.Peer 对象,您可以使用这个对象下面的任何属性,这些是您可能用到的:
# peer - an com.ghotchu.peerbanhelper.peer.Peer instance, you can access any property under this object, these is you might will used
# peer.peerAddress.ip - 字符串型 IP 地址 - IP address in String
# peer.peerAddress.port - 整型端口号 - Port in int
# peer.peerAddress.address - IPAddress 对象,可提供高级功能 - IPAddress object
# peer.peerId - 字符串型 PeerID,在不支持的下载器上可能为空字符串,使用 isEmpty 判断 - PeerID in String, may be empty string on not supported downloader, check them with isEmpty
# peer.clientName - 客户端名称,在不支持的下载器上可能为空字符串,使用 isEmpty 判断 - PeerID in String, may be empty string on not supported downloader, check them with isEmpty
# peer.downloadSpeed - 您的下载器从该 Peer 下载数据的速率(bytes) - Download rate from Peer
# peer.uploadSpeed - 您的下载器向该 Peer 上传数据的速率(bytes) - Upload rate to Peer
# peer.downloaded - 您的下载器从该 Peer 下载的数据的累计数据量(bytes),在不支持的下载器上为 -1 - Downloaded bytes from Peer, -1 on not supported downloader
# peer.uploaded - 您的下载器从该 Peer 上传的数据的累计数据量(bytes),在不支持的下载器上为 -1 - Uploaded bytes to Peer, -1 on not supported downloader
# peer.progress - 此 Peer 汇报的自己的下载进度,浮点型数据,0.00=0%,1.00=100% - The percentage that Peer reporting, percent in float
# peer.flags - 由您的下载器汇报的此 Peer 的 Flags 状态,各下载器对其定义可能有所不同, Peer flags
# torrent - 一个 com.ghostchu.peerbanhelper.torrent.Torrent 对象,您可以使用这个对象下面的任何属性 - an com.ghotchu.peerbanhelper.torrent.Torrent instance, you can access any property under this object, these is you might will used
# torrent.id - 在您的下载器内,此 Torrent 的对应内部 ID 标识符 - Torrent Identifier in Downloader internal
# torrent.name - 此 Torrent 的名称 - Torrent name
# torrent.hash - 此 Torrent 的 InfoHash,具体是 v1 还是 v2,由您使用的下载器的偏好而定 - Torrent info hash
# torrent.progress - 您的下载器上,此 Torrent 的任务进度 - Torrent progress on your downloader
# torrent.size - 此 Torrent 的任务大小 - Torrent size
# torrent.rtUploadSpeed - 您的下载器上的此任务的当前上传速率(bytes) - Torrent task upload rate
# torrent.rtDownloadSpeed - 您的下载器上的此任务的当前下载速率(bytes) - Torrent task download rate
# torrent.hashedIdentifier - 此 Torrent 的匿名哈希标识符 - Torrent identifier (generated by PBH for privacy and BTN usage)
# peerbanhelper - PBH 主实例 (Main instance)
# HTTPUtil - 提供脚本对网络的访问能力,但请注意,脚本通常只有 1500ms 的执行时间,网络请求也包含在内 - Util for request network
# JsonUtil - 提供脚本对 JSON 内容的解析能力 - Util for parse Json
# IPAddressUtil - 提供将字符串的 IP/CIDR 转换为 IPAddress 对象的工具 - Util for processing IPAddress
# Main - 启动主类,可用于访问配置文件 - Main instance
# 对于其它的常用函数,语法等,参见 AviatorScript 文档:https://www.yuque.com/boyan-avfmj/aviatorscript/cpow90
# For more details, check AviatorScript documentation: https://www.yuque.com/boyan-avfmj/aviatorscript/cpow90
# 规则引擎支持 AviatorScript 的全部能力,您可以自由使用反射或者动态创建特性
# PBH support full ability, feel free to use reflect or dynamic creating.
#
# 每个规则必须提供一个返回值,PBH 会根据您提供的返回值,决定此 Peer 是否封禁。支持的返回值如下:
# Every single rule must provide a return code, PBH will determine if we need ban this peer, supported return code listed below:
# Boolean: [false=不采取任何操作, true=封禁Peer] - Boolean [false = No action will be taken, true = Peer will be banned]
# Integer: [0=不采取任何操作,1=封禁Peer,2=跳过其它用户规则] - Integer [0 = No action will be taken, 1 = Peer will be banned, 2 = Skip other rules]
# com.ghostchu.peerbanhelper.module.PeerAction: [NO_ACTION, BAN, SKIP]
# com.ghostchu.peerbanhelper.module.BanResult
#
# 所有的脚本文件默认放置在 data/scripts 目录内,您也可以修改已有的、或者新建新的脚本文件
# All script files will put in data/scripts, you can modify exists scripts or create your own scripts/
# 是否启用
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: default
# 订阅规则
# Rules Subscription
# 建议在 WebUI 上配置
# Recommended configure this module on WebUI
ip-address-blocker-rules:
enabled: true
# 封禁时间,单位:毫秒,使用 default 则跟随全局设置
ban-duration: 259200000
# 检查间隔
check-interval: 14400000 # 4小时检查一次 毫秒; Timeunit: ms
# 规则列表 - Rules list
rules:
# 规则ID(任意) - Rule Id(any)
all-in-one:
# 是否启用 - Enable?
enabled: false
# 显示名称 - Display Name
name: all-in-one
# 规则文件订阅地址 - Subscription Address
url: https://bcr.pbh-btn.ghorg.ghostchu-services.top/combine/all.txt
# 主动监测 - Active Monitoring
# 此功能允许 PeerBanHelper 主动记录每次请求下载器时获取到的数据到本地 SQLite 数据库中
# Allow PBH records all data that fetched from downloader and save them into SQLite database
# 其产生的数据可被其它模块调用(如:生成图表报表等)
# The data produced by this module can be re-used by other modules
# 注意:使用 SD 卡或者 EMMC 的设备【不建议】开启此功能,此功能对于存储设备的读写压力较高,可能加快 Flash 存储芯片磨损或导致存储设备过热
# NOTE: It is not recommended to enable this module if PBH running on SDCard or EMMC Flash chip.
# 另请注意:此功能可能还会导致本地数据库文件大小快速变大,不建议在存储空间不充足的存储设备上使用此功能
# NOTE: This may lead database size increase quickly
active-monitoring:
# 是否启用此功能
enabled: true
# 清理周期
# Retention time
# 请注意:由于 SQLite 的特性,记录被删除后不会释放磁盘空间,但后续新数据记录会重新利用此部分空间
# Note: Deleted records won't free the disk space, but new data will reuse those parts of space due SQLite internal design
# 因此请选择一个合理的记录周期
# 时间单位:ms;默认值:5184000000 (60 天) ; default: (60 days)
data-retention-time: 5184000000
# 清理检查周期
# Cleanup check interval
# 每 interval 毫秒后,将进行一次数据清理任务
# Period of cleanup task will be run
# 建议不要设置的太频繁,SQLite 是单线程数据库,无法同时执行多个 SQL 查询,慢查询可能导致 PBH 数据写入延迟/耗尽运行 RAM
# Do not set it run too frequently
# 时间单位:ms;默认值:604800000 (7 天); default: (7 days)
data-cleanup-interval: 604800000
[09:45:22] [/WARN]: [Ban] PeerAddress{ip='180.97.50.195', port=6883}, PeerId=-LT2070-, ClientName=libtorrent/2.0.7.0, Progress=2.133560919901356E-4, Uploaded=76495, Downloaded=0, Torrent=wab.mp4, Reason=Match IP rule: 南京
另外城市无法删除,而且设置一个封禁城市无法设置ipv4还是ipv6 比如可以设置成 "南京" "南京/ipv4" "南京/ipv6"
180.97.50.1/24 换成 180.97.50.0/24 看看,修改完重启PBH
改成0后貌似正常,还需后续观察,就是封禁城市可否单独针对ipv4或者ipv6
目前暂无引入双栈 IP 独立控制的计划。
版本号 - Version
6.4.7
操作系统平台和系统架构 - OS and CPU Arch
docker
部署方式 - Deploy methods
添加的下载器 - Added Downloaders
问题描述 - Issue Description
设置ignore-peers-from-addresses跳过检查的ip段,但该ip段包含在手动封禁的城市中,依然会被ban
复现步骤 - Reproduce steps
设置ignore-peers-from-addresses跳过检查的ip段,但该ip段包含在手动封禁的城市中,依然会被ban
截图/日志文件 - Screenshot / Logs
No response
额外信息 - Addition Information
No response
检查清单 - Check list