rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: Kremlin on March 16, 2009, 01:01:48 PM

Title: Automatic/Temporary Ban
Post by: Kremlin on March 16, 2009, 01:01:48 PM
I feel something is missing in the BAN system: if someone tries to force login, let's say +100 times within a minute, it might lag the server, and an automatic ban should be issued by HFS. The same applies to download manager misconfiguration, when someone doesn't specify what number of connections are allowed for each user/IP, making some of them reproduce over +300 within a minute (I've experienced this) and again lagging the server a lot. One time someone used a more powerful download manager which even managed to crash the server. Temporary bans are something that in some cases might be better applied than permanent bans, for in the 'FlashGet' case the program itself will sometimes ignore the user's configuration of the number of connections allowed and jump it to unlimited, reproducing the problem above without the user's fault.
Title: Re: Automatic/Temporary Ban
Post by: rejetto on March 16, 2009, 01:18:04 PM
this is already in the to-do list

+ auto-ban IP if: bad login X times (with IP exclusion mask)


but i wonder if this will fit all needs, or we need it to be customizable with macros.
Title: Re: Automatic/Temporary Ban
Post by: r][m on March 17, 2009, 05:24:59 AM
this is already in the to-do list

+ auto-ban IP if: bad login X times (with IP exclusion mask)


but i wonder if this will fit all needs, or we need it to be customizable with macros.
I'd favor the simple approach. It would be nice to have an error page section to let the banned user know what happened. That could probably be done with a macro though.
Title: Re: Automatic/Temporary Ban
Post by: AYEHAN on March 19, 2009, 09:32:29 PM
if you ask me i want it a lil bit customised

like in the downloader's connection case or the bad login case, HFS also sends a DOS command too

arp -s IP-Add 00-00-00-00-00-00

it will work like a firewall and that user can't even ping you, so he can't get to your HFS, and when the ban is removed, arp -d will remove the firewall lock :)
Title: Re: Automatic/Temporary Ban
Post by: rejetto on May 12, 2009, 05:42:58 PM
i just found that an auto-ban system could be made with a simple script.
but there was a feature missing: handling of pipes as a character. I solved this in a quite dirty way. I just hope it never bites my hand.
From next build (239) you should be able to use this event script, set to 50 as a limit.
Being it a script, you can heavily customize it, as to exclude some addresses, run external software, etc.

Code:
[+unauthorized]
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 50.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}
:}/if.}

since i want you to be able to try this out, i will give you a work-in-progress version of next build
www.dovedove.it/hfs-ban.exe
Title: Re: Automatic/Temporary Ban
Post by: Kremlin on May 12, 2009, 09:55:17 PM
So it will ban a person if he retries 50 times, but what about a time limit for those 50 tries? If it's 50 tries/hour it isn't that much, even worse if people use download accelerators which break the file into parts making multiple connections over let's say 5 minutes. I will give it a try tomorrow and thanks for the progress, meanwhile please clarify my questions.  :)
Title: Re: Automatic/Temporary Ban
Post by: rejetto on May 12, 2009, 10:02:14 PM
i don't understand what you desire.
the counter to reset after a while?
Title: Re: Automatic/Temporary Ban
Post by: Kremlin on May 12, 2009, 10:26:32 PM
Yes, because what makes the server crash is excessive number of connections in a very small period of time, ie 500 in 1 minute.
Title: Re: Automatic/Temporary Ban
Post by: rejetto on May 13, 2009, 10:51:15 AM
ok, but consider that you should not fear only crash, but also bruteforce password discovering.
Title: Re: Automatic/Temporary Ban
Post by: funbird on May 20, 2009, 10:57:34 AM
Hi,

I tried this script also.
But after I unban an IP address, the user has just one try to enter the right password before he's back on the ban list.

I think the counting var doesn't reset?!
Title: Re: Automatic/Temporary Ban
Post by: rejetto on May 21, 2009, 10:51:35 PM
you are right.
so i suggest this new version, that will reset the counter, and will ignore unauthorized access that has no user/password entered.

Code:
[+unauthorized]
{.if|%user%|{:
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.if|{.{.^n.} > 5.}|{:
{.set ini|{.no pipe|ban-list={.from table|#ini|ban-list.}%ip%#are you trying to break me? {.time.}|.}.}
{.set table|#tries|%ip%=0.}
:}|{:
{.set table|#tries|%ip%={.^n.}.}
:}/if.}
:}.}
Title: Re: Automatic/Temporary Ban
Post by: funbird on May 22, 2009, 08:31:47 AM
rejetto,

your new script doesn't work.
I entered a bad password/user login more than 20 times.

But I see the idea in your new script and changed the old one.
This one now works fine.

Code:
[+unauthorized]
{.set|n|{.from table|#tries|%ip%.}.}
{.inc|n.}
{.set table|#tries|%ip%={.^n.}.}
{.if|{.{.^n.} > 10.}|{:
{.set ini|ban-list={.no pipe|{.from table|#ini|ban-list.}%ip%#Contact Systemadministrator for unban {.time.}\p.}.}
{.set table|#tries|%ip%=0.}
:}/if.}
Title: Re: Automatic/Temporary Ban
Post by: rejetto on May 22, 2009, 10:00:37 AM
there was a syntax error.
now fixed!
Title: Re: Automatic/Temporary Ban
Post by: Kremlin on May 22, 2009, 11:15:37 AM
I'm sorry rejetto but I haven't had time to work this out with college and all; I still appreciate the work  :). Glad to see that funbird managed to test it anyway.
Title: Re: Automatic/Temporary Ban
Post by: funbird on May 22, 2009, 12:49:53 PM
Hi Guys

both versions are now working !

rejetto version: ignores unauthorized access that has no user/password entered
my version: doesn't ignore unauthorized access that has no user/password entered

Kai
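
The points raised across this thread (a time limit on the tries, a temporary rather than permanent ban, resetting the counter when the ban is issued, ignoring requests with no user entered, and an IP exclusion mask) combined in one place. This is an added Python example, not HFS macro code and not written by any poster here; the class name, method names, thresholds and sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class AutoBan:
    """Temporary auto-ban on failed logins counted over a sliding time window."""

    def __init__(self, limit=5, window=60.0, ban_seconds=600.0, exclude=()):
        self.limit = limit              # failures tolerated inside the window
        self.window = window            # seconds over which failures are counted
        self.ban_seconds = ban_seconds  # how long a temporary ban lasts
        self.exclude = [ipaddress.ip_network(n) for n in exclude]
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:               # ban has run out: lift it
            del self.banned_until[ip]
            return False
        return True

    def unauthorized(self, ip, user, now):
        """Record one unauthorized request; return True if the IP is banned."""
        if self.is_banned(ip, now):
            return True
        if not user:                    # no user/password entered: not counted
            return False
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.exclude):
            return False                # exclusion mask: never ban these
        tries = self.failures[ip]
        tries.append(now)
        while tries and now - tries[0] > self.window:
            tries.popleft()             # forget failures older than the window
        if len(tries) > self.limit:
            self.banned_until[ip] = now + self.ban_seconds
            del self.failures[ip]       # reset so an unbanned IP starts from zero
            return True
        return False
```

Timestamps are passed in explicitly so the behaviour can be replayed against a log; in a live server `now` would come from `time.monotonic()`.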