Automate removal of old blocked IPs and update timer

Fix bug where auto-unblock incorrectly removed all records for an IP, and correct systemd timer to run once hourly. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528 Replit-Commit-Checkpoint-Type: intermediate_checkpoint Replit-Commit-Event-Id: ae7d80ee-d080-4e32-b4a2-b23e876e3650 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/L6QSDnx
2025-11-25 10:42:52 +00:00 · 2025-11-25 10:42:52 +00:00 · e3dedf00f1
commit e3dedf00f1
parent 791b7caa4d
2 changed files with 6 additions and 4 deletions
--- a/deployment/systemd/ids-cleanup.timer
+++ b/deployment/systemd/ids-cleanup.timer
@ -4,8 +4,7 @@ Documentation=https://github.com/yourusername/ids
 Requires=ids-cleanup.service

 [Timer]
-# Esegui ogni ora, 10 minuti dopo l'ora (es. 10:10, 11:10, 12:10...)
-OnCalendar=hourly
+# Esegui ogni ora al minuto 10 (es. 00:10, 01:10, 02:10, ..., 23:10)
 OnCalendar=*:10:00

 # Esegui subito se il sistema era spento durante l'esecuzione programmata
--- a/python_ml/cleanup_detections.py
+++ b/python_ml/cleanup_detections.py
@ -116,12 +116,15 @@ def unblock_old_ips(conn, hours=2):
            ip = ip_data['source_ip']
            logger.info(f"  - {ip} (tipo: {ip_data['anomaly_type']}, score: {ip_data['risk_score']})")
            
-            # Aggiorna DB
+            # Aggiorna DB - SOLO i record bloccati da più di N ore
+            # NON sbloccate record recenti dello stesso IP!
            cursor.execute("""
                UPDATE detections
                SET blocked = false, blocked_at = NULL
                WHERE source_ip = %s
-            """, (ip,))
+                  AND blocked = true
+                  AND blocked_at < %s
+            """, (ip, cutoff_time))
        
        conn.commit()
        logger.info(f"✅ Sbloccati {len(ips_to_unblock)} IP nel database")