* Disconnect clients that attempt to log in with banned usernames for Telnet as well

* Delay these disconnects to thwart brute-force attacks - these names won't exist anyway,
  but we don't want the attacking client to DoS us
Bryan Ashby 2018-12-25 00:18:04 -07:00
parent 06a1925288
commit ee93035bb8
4 changed files with 38 additions and 21 deletions


@ -27,7 +27,11 @@ function userLogin(client, username, password, cb) {
if(config.users.badUserNames.includes(username.toLowerCase())) {
client.log.info( { username : username }, 'Attempt to login with banned username');
return cb(Errors.BadLogin(ErrorReasons.NotAllowed));
// slow down a bit to thwart brute force attacks
return setTimeout( () => {
return cb(Errors.BadLogin('Disallowed username', ErrorReasons.NotAllowed));
}, 2000);
}
client.user.authenticate(username, password, err => {
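Review bot: The 2000 ms delay in the banned-username branch is applied per attempt and does not bound how many delayed attempts one source can keep pending at once, so each rejected login now holds a socket and a timer for two seconds. That conflicts with the stated goal of not being DoS'd unless a per-address connection or attempt limit is enforced elsewhere, which is not visible in this hunk. The timer callback also calls `cb` without checking whether the client disconnected during the wait. Whether the caller tolerates that cannot be confirmed here, because userLogin continues outside the hunk. The literal would read better as a named or configurable value, for example `const BAD_LOGIN_DELAY_MS = 2000;`, with a comment such as `// delay only covers banned names; rate limiting of real accounts is handled separately`, if that is the case.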