Ban IP on bruteforce attempts

author: Petr Ilin <hevav@hevav.dev> 2022-12-25 21:49:37 +0300
committer: Petr Ilin <hevav@hevav.dev> 2022-12-25 21:49:37 +0300
commit: 9fa813367fb4d94d499c40e478da55523f9915b7 (patch)
tree: 23231858cf069bc8a081e57fe291c95906172fdb /src/main/java/net/elytrium/limboauth/handler
parent: 373aebdc16ecd193a716a7afdea17b1dc094fed4 (diff)
download: LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.tar.gz
LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.tar.bz2
LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java b/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java
index 2ea17e0..9c6185f 100644
--- a/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java
+++ b/src/main/java/net/elytrium/limboauth/handler/AuthSessionHandler.java
@@ -240,6 +240,7 @@ public class AuthSessionHandler implements LimboSessionHandler {
           }
         } else if (--this.attempts != 0) {
           this.proxyPlayer.sendMessage(loginWrongPassword[this.attempts - 1]);
+          this.checkBruteforceAttempts();
         } else {
           this.proxyPlayer.disconnect(loginWrongPasswordKick);
         }
@@ -249,6 +250,8 @@ public class AuthSessionHandler implements LimboSessionHandler {
         if (TOTP_CODE_VERIFIER.isValidCode(this.playerInfo.getTotpToken(), args[1])) {
           this.finishLogin();
           return;
+        } else {
+          this.checkBruteforceAttempts();
         }
       }
     }
@@ -256,6 +259,13 @@ public class AuthSessionHandler implements LimboSessionHandler {
     this.sendMessage(false);
   }
 
+  private void checkBruteforceAttempts() {
+    this.plugin.incrementBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress());
+    if (this.plugin.getBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress()) >= Settings.IMP.MAIN.BRUTEFORCE_MAX_ATTEMPTS) {
+      this.proxyPlayer.disconnect(loginWrongPasswordKick);
+    }
+  }
+
   private void saveTempPassword(String password) {
     this.tempPassword = password;
   }
@@ -333,6 +343,8 @@ public class AuthSessionHandler implements LimboSessionHandler {
       this.proxyPlayer.showTitle(loginSuccessfulTitle);
     }
 
+    this.plugin.clearBruteforceAttempts(this.proxyPlayer.getRemoteAddress().getAddress());
+
     this.plugin.getServer().getEventManager()
         .fire(new PostAuthorizationEvent(this::finishAuth, this.player, this.playerInfo, this.tempPassword))
         .thenAcceptAsync(this::finishAuth);
author	Petr Ilin <hevav@hevav.dev>	2022-12-25 21:49:37 +0300
committer	Petr Ilin <hevav@hevav.dev>	2022-12-25 21:49:37 +0300
commit	9fa813367fb4d94d499c40e478da55523f9915b7 (patch)
tree	23231858cf069bc8a081e57fe291c95906172fdb /src/main/java/net/elytrium/limboauth/handler
parent	373aebdc16ecd193a716a7afdea17b1dc094fed4 (diff)
download	LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.tar.gz LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.tar.bz2 LimboAuth-9fa813367fb4d94d499c40e478da55523f9915b7.zip