Extra delay between failed login attempts

merge-requests/30/head
Bob Mottram 2021-06-09 11:09:28 +01:00
parent 0d11c4819a
commit b7d0a83ac4
1 changed files with 9 additions and 0 deletions


@ -1370,6 +1370,13 @@ class PubServer(BaseHTTPRequestHandler):
debug: bool) -> None: debug: bool) -> None:
"""Shows the login screen """Shows the login screen
""" """
# ensure that there is a minimum delay between failed login
# attempts, to mitigate brute force
if int(time.time()) - self.server.lastLoginAttempt < 5:
self._503()
self.server.POSTbusy = False
return
# get the contents of POST containing login credentials # get the contents of POST containing login credentials
length = int(self.headers['Content-length']) length = int(self.headers['Content-length'])
if length > 512: if length > 512:
@ -1435,6 +1442,7 @@ class PubServer(BaseHTTPRequestHandler):
authHeader, False): authHeader, False):
print('Login failed: ' + loginNickname) print('Login failed: ' + loginNickname)
self._clearLoginDetails(loginNickname, callingDomain) self._clearLoginDetails(loginNickname, callingDomain)
self.server.lastLoginAttempt = int(time.time())
self.server.POSTbusy = False self.server.POSTbusy = False
return return
else: else:
@ -15088,6 +15096,7 @@ def runDaemon(city: str,
httpd.maxQueueLength = 64 httpd.maxQueueLength = 64
httpd.allowDeletion = allowDeletion httpd.allowDeletion = allowDeletion
httpd.lastLoginTime = 0 httpd.lastLoginTime = 0
httpd.lastLoginAttempt = 0
httpd.maxReplies = maxReplies httpd.maxReplies = maxReplies
httpd.tokens = {} httpd.tokens = {}
httpd.tokensLookup = {} httpd.tokensLookup = {}
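Review bot: The guard added at the top of the first hunk, `if int(time.time()) - self.server.lastLoginAttempt < 5:`, keys the delay on a single server-wide timestamp, so one failed login from any client makes the login handler answer 503 to every client for the next 5 seconds; that turns the brute-force mitigation into an availability weakness, and a fixed 5-second window without escalation is a weak throttle on its own. Tracking the last failure per source instead — a dict on the server initialised as `httpd.lastLoginAttempt = {}` in runDaemon, read via `self.server.lastLoginAttempt.get(self.client_address[0], 0)` in the guard, and updated in the `Login failed` branch of the second hunk — would slow the offending source without blocking unrelated users, with a per-account counter and backoff as the usual complement. `time.monotonic()` is also preferable to `int(time.time())` here, since a wall-clock adjustment can lengthen or cancel the delay. The literal `5` should be a named constant such as `LOGIN_FAIL_DELAY_SECS` so the policy is visible and tunable. The login handler's signature and the rest of its body lie outside the hunk.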