From 6b70eb63ffcd46859cfce8ec7d063c3f3b1421f5 Mon Sep 17 00:00:00 2001 From: gumi Date: Thu, 10 Jan 2019 17:22:09 -0500 Subject: limit login requests to 1 per ip per X seconds --- src/login/login.cpp | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/login/login.cpp b/src/login/login.cpp index 49c2438..c8a44c2 100644 --- a/src/login/login.cpp +++ b/src/login/login.cpp @@ -139,7 +139,6 @@ struct mmo_account SEX sex; }; - //------------------------------ // Writing function of logs file //------------------------------ @@ -165,6 +164,14 @@ void delete_login(Session *sess) (void)sess; } +std::vector recent_ips; + +static +void conn_limit_empty(TimerData *, tick_t) +{ + recent_ips.clear(); +} + static void delete_fromchar(Session *sess) { @@ -2413,6 +2420,22 @@ void parse_login(Session *s) break; } + if (login_conf.conn_limit_enable && !login_lan_conf.lan_subnet.covers(ip)) + { + if (std::find(recent_ips.begin(), recent_ips.end(), ip) != recent_ips.end()) + { + LOGIN_LOG_AND_ECHO("Connection refused: Login request flood detected. (REJECTED IP: %s)\n"_fmt, ip); + Packet_Fixed<0x0081> fixed_81; + fixed_81.error_code = 2; // already logged in (for lack of better error message) + send_fpacket<0x0081, 3>(s, fixed_81); + break; + } + else + { + recent_ips.push_back(ip); + } + } + result = mmo_auth(&account, s); if (result == 1) { @@ -3088,6 +3111,14 @@ int do_init(Slice argv) ).detach(); } + if (login::login_conf.conn_limit_enable) + { + Timer(gettick() + 1_s, + login::conn_limit_empty, + login::login_conf.conn_limit_interval + ).detach(); + } + // add timer to check GM accounts file modification std::chrono::seconds j = login::login_conf.gm_account_filename_check_timer; if (j == interval_t::zero()) -- cgit v1.2.3-60-g2f50