
webcpanel: rate limit login attempts

Adam
2017-06-05 18:44:48 -04:00
parent 1a6f42b994
commit feed624cdc
3 changed files with 42 additions and 2 deletions
+33
@@ -36,6 +36,14 @@ class WebpanelRequest : public IdentifyRequest
return;
}
// Rate limit logins to 1/sec
time_t *last_login = na->nc->GetExt<time_t>("webcpanel_last_login");
if (last_login != NULL && Anope::CurTime == *last_login)
{
this->OnFail();
return;
}
Anope::string id;
for (int i = 0; i < 64; ++i)
{
@@ -48,6 +56,7 @@ class WebpanelRequest : public IdentifyRequest
na->Extend<Anope::string>("webcpanel_id", id);
na->Extend<Anope::string>("webcpanel_ip", client->GetIP());
na->nc->Extend<time_t>("webcpanel_last_login", Anope::CurTime);
{
HTTPReply::cookie c;
@@ -91,6 +100,30 @@ bool WebCPanel::Index::OnRequest(HTTPProvider *server, const Anope::string &page
if (!user.empty() && !pass.empty())
{
// Rate limit check.
Anope::string ip = client->clientaddr.addr();
Anope::hash_map<time_t>::iterator it = last_login_attempt.find(ip);
if (it != last_login_attempt.end())
{
time_t last_time = it->second;
if (last_time == Anope::CurTime)
{
replacements["INVALID_LOGIN"] = "Rate limited";
TemplateFileServer page("login.html");
page.Serve(server, page_name, client, message, reply, replacements);
return true;
}
}
// don't let ip hash grow too long
if (Anope::CurTime > last_clear + FLUSH_TIME)
{
last_login_attempt.clear();
last_clear = Anope::CurTime;
}
last_login_attempt[ip] = Anope::CurTime;
WebpanelRequest *req = new WebpanelRequest(me, reply, message, server, page_name, client, replacements, user, pass);
FOREACH_MOD(OnCheckAuthentication, (NULL, req));
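Review bot: The per-account check in the first hunk reads `webcpanel_last_login`, but the second hunk stamps that value next to `webcpanel_id` and `webcpanel_ip`, which looks like the session-creation (success) path, so failed password attempts against an account never update it and are throttled only by the per-IP map in `Index::OnRequest`. If the goal is to slow password guessing per account, the timestamp should also be recorded when authentication fails (for example in `OnFail`), with a comment on the check such as `// throttles all attempts for this account, not only successful logins`. Separately, the per-IP key is `client->clientaddr.addr()` while the session code stores `client->GetIP()`; if `GetIP()` resolves a proxy-forwarded address (not visible here), all clients behind a reverse proxy would share one bucket, and `Anope::string ip = client->GetIP();` would keep the two consistent. The enclosing functions start and end outside the visible hunks, so this should be confirmed against the full file.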