From 46288ec19830c84aedb156e1f30d7ec8a0803e0d Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Thu, 16 Jan 2025 16:29:04 +0300
Subject: [PATCH] feat(announcer): Added some disallowed ports by default (#1767)
* feat(announcer): Added some disallowed ports by default
* Update announce.php
---
 bt/announce.php | 4 +++-
 library/config.php | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/bt/announce.php b/bt/announce.php
index ef19d2f89..5c8961fb0 100644
--- a/bt/announce.php
+++ b/bt/announce.php
@@ -128,7 +128,9 @@ if (
 !isset($port)
 || !is_numeric($port)
 || ($port < 1024 && !$stopped)
- || $port > 0xFFFF) {
+ || $port > 0xFFFF
+ || (!empty($bb_cfg['disallowed_ports']) && in_array($port, $bb_cfg['disallowed_ports']))
+) {
 msg_die('Invalid port: ' . $port);
 }
diff --git a/library/config.php b/library/config.php
index 9ed167875..551ec0155 100644
--- a/library/config.php
+++ b/library/config.php
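Review bot: The added `in_array($port, $bb_cfg['disallowed_ports'])` clause in the bt/announce.php port check compares loosely against whatever numeric form the client sent, while `is_numeric()` two lines above also accepts non-integer values such as `8080.5`. If `$port` is truncated to an integer further down (not visible in this hunk), such a value would pass the list lookup and still be recorded as a listed port. Normalising before the lookup closes that gap: `|| (!empty($bb_cfg['disallowed_ports']) && in_array((int)$port, $bb_cfg['disallowed_ports'], true))`, with the configured entries kept as integers. The `if (` that opens this condition sits above the hunk, so how `$port` is populated could not be checked here.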
@@ -98,6 +98,23 @@ $bb_cfg['passkey_key'] = 'uk'; // Passkey key name in GET request
 $bb_cfg['ignore_reported_ip'] = false; // Ignore IP reported by client
 $bb_cfg['verify_reported_ip'] = true; // Verify IP reported by client against $_SERVER['HTTP_X_FORWARDED_FOR']
 $bb_cfg['allow_internal_ip'] = false; // Allow internal IP (10.xx.. etc.)
+$bb_cfg['disallowed_ports'] = [
+ // https://github.com/HDInnovations/UNIT3D-Community-Edition/blob/c64275f0b5dcb3c4c845d5204871adfe24f359d6/app/Http/Controllers/AnnounceController.php#L53
+ // Hyper Text Transfer Protocol (HTTP) - port used for web traffic
+ 8080,
+ 8081,
+ // Kazaa - peer-to-peer file sharing, some known vulnerabilities, and at least one worm (Benjamin) targeting it.
+ 1214,
+ // IANA registered for Microsoft WBT Server, used for Windows Remote Desktop and Remote Assistance connections
+ 3389,
+ // eDonkey 2000 P2P file sharing service. http://www.edonkey2000.com/
+ 4662,
+ // Gnutella (FrostWire, Limewire, Shareaza, etc.), BearShare file sharing app
+ 6346,
+ 6347,
+ // Port used by p2p software, such as WinMX, Napster.
+ 6699,
+];
 $bb_cfg['client_ban'] = [
 'enabled' => false,
 'only_allow_mode' => false,
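Review bot: `$bb_cfg['disallowed_ports']` is the only setting in this group without a description of its own, and the per-port comments name the service behind each number but not why the tracker refuses it. A header comment above the array would tell operators what the list controls, for example `// Ports refused in announce requests (checked in bt/announce.php); ports below 1024 are handled by a separate check there`. Since the lookup in bt/announce.php is a plain `in_array()` on single values, the comment should also say that entries are individual port numbers given as integers, not ranges. Presumably the aim is to keep the tracker from handing out peer addresses that point at unrelated services; if so, stating that in the comment would help anyone extending the list.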