path: root/conf/login/login-server.conf

//================= Hercules Configuration ================================
//=       _   _                     _
//=      | | | |                   | |
//=      | |_| | ___ _ __ ___ _   _| | ___  ___
//=      |  _  |/ _ \ '__/ __| | | | |/ _ \/ __|
//=      | | | |  __/ | | (__| |_| | |  __/\__ \
//=      \_| |_/\___|_|  \___|\__,_|_|\___||___/
//================= License ===============================================
//= This file is part of Hercules.
//= http://herc.ws - http://github.com/HerculesWS/Hercules
//=
//= Copyright (C) 2014-2019  Hercules Dev Team
//=
//= Hercules is free software: you can redistribute it and/or modify
//= it under the terms of the GNU General Public License as published by
//= the Free Software Foundation, either version 3 of the License, or
//= (at your option) any later version.
//=
//= This program is distributed in the hope that it will be useful,
//= but WITHOUT ANY WARRANTY; without even the implied warranty of
//= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//= GNU General Public License for more details.
//=
//= You should have received a copy of the GNU General Public License
//= along with this program.  If not, see <http://www.gnu.org/licenses/>.
//=========================================================================
//= Login Server configuration file.
//=========================================================================

login_configuration: {
	// Login-server's console configuration
	@include "conf/global/console.conf"

	inter: {
		// The login server listens on the interface with this IP address.
		// NOTE: This allows you to run multiple servers on multiple interfaces
		// while using the same ports for each server.
		//bind_ip: "127.0.0.1"

		// Interval (in minutes) to execute a DNS/IP update. Disabled by default.
		// Enable it if your server uses a dynamic IP which changes with time.
		//ip_sync_interval: 10

		@include "conf/import/ports.conf"
	}

	log: {
		// To log the login server?
		// NOTE: The login-sql server needs the login logs to enable dynamic pass failure bans.
		log_login: true

		// Indicate how to display date in logs, to players, etc.
		date_format: "%Y-%m-%d %H:%M:%S"
	}

	// for packet version >= 20170726
	users_count: {
		// if false, dont show any colored strings.
		// if true, show special users count numbers for coloring char servers.
		send_user_count_description: true

		// users counts for use different colors.
		// below 'low' show green text
		// below 'medium' show oragne text
		// below 'high' show red text
		// higher 'high' show purple text
		low: 200
		medium: 500
		high: 1000
	}

	// Account engine configuration
	account: {
		// Can you use _M/_F to make new accounts on the server?
		new_account: true

		// If new_account is enabled, minimum length to userid and passwords should be 4?
		// Must be 'true' unless your client uses both 'Disable 4 LetterUserID/Password' Diffs
		new_acc_length_limit: true

		// Account registration flood protection system
		// allowed_regs is the number of registrations allowed in time_allowed (in seconds)
		allowed_regs: 1
		time_allowed: 10

		// Starting additional sec from now for the limited time at creation of account
		// -1: new account are created with UNlimited time (default value)
		// 0 or more: new accounts was created by addition of the value (in sec) to the actual time (to set first limited time)
		start_limited_time: -1

		// Store passwords as MD5 hashes instead of plaintext ?
		// NOTE: Will not work with clients that use <passwordencrypt>
		use_MD5_passwords: false

		// Account data engine storage configuration
		@include "conf/import/sql_connection.conf"

		//==================================================================
		// IP banning system
		//==================================================================
		ipban: {
			enabled: true

			// Interval (in seconds) to clean up expired IP bans. 0 = disabled. default = 60.
			// NOTE: Even if this is disabled, expired IP bans will be cleaned up on login server start/stop.
			// Players will still be able to login if an ipban entry exists but the expiration time has already passed.
			cleanup_interval: 60

			// SQL connection settings
			@include "conf/import/sql_connection.conf"

			// Dynamic password failure ipban system
			dynamic_pass_failure: {
				enabled: true

				// Interval in minutes between failed tries
				// Only failed tries between this interval will be accounted when banning
				ban_interval: 5

				// How many failures before adding a temporary ban entry?
				ban_limit: 7

				// Duration of the ban in minutes
				ban_duration: 5
			}
		} // login_configuration.account.ipban
	} // login_configuration.account

	permission: {
		// Required account group id to connect to server.
		// -1: disabled
		// 0 or more: group id
		group_id_to_connect: -1

		// Minimum account group id required to connect to server.
		// Will not function if group_id_to_connect config is enabled.
		// -1: disabled
		// 0 or more: group id
		min_group_id_to_connect: -1

		// Check The clientversion set in the clientinfo ?
		check_client_version: false

		// What version we would allow to connect? (if check_client_version is enabled)
		client_version_to_connect: 20

		//==================================================================
		// Client hash checking system
		//==================================================================
		// Note: see doc/md5_hashcheck.txt for more details.
		hash: {
			// Client MD5 hash check
			// If turned on, the login server will check if the client's hash matches
			// the value below, and will not connect tampered clients.
			enabled: false

			// Client MD5 hashes
			// The client with the specified hash can be used to log in by players with
			// a group_id equal to or greater than the given value.
			// If you specify 'disabled' as hash, players with a group_id greater than or
			// equal to the given value will be able to log in regardless of hash (and even
			// if their client does not send a hash at all.)
			MD5_hashes: (
			//{
			//	group_id: group id
			//	hash: client hash
			//},
			//{
			//	group_id: 0
			//	hash: "113e195e6c051bb1cfb12a644bb084c5"
			//},
			//{
			//	group_id: 10
			//	hash: "cb1ea78023d337c38e8ba5124e2338ae"
			//},
			//{
			//	group_id: 99
			//	hash: "disabled"
			//},
			)
		} // login_configuration.permission.hash

		DNS_blacklist: {
			// DNS Blacklist Blocking
			// If enabled, each incoming connection will be tested against the blacklists
			// on the specified dnsbl_servers
			enabled: false

			dnsbl_servers: (
				// Here are some free DNS Blacklist Services: http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
				"bl.blocklist.de",        // IP-Addresses who attack other servers/honeypots over SSH, FTP, IMAP, etc.
				//"ircbl.ahbl.org",       // AHBL (open proxies, compromised machines, comment spammers)
				//"safe.dnsbl.sorbs.net", // All zones in dnsbl.sorbs.net except "recent" and "escalations"
				//"sbl-xbl.spamhaus.org", // Spamhaus blacklist (spammers, open proxies)
				"socks.dnsbl.sorbs.net",  // Open SOCKS proxy servers
				//"tor.ahbl.org",         // Current tor relay and exit nodes
			)
		} // login_configuration.DNS_blacklist
	} // login_configuration.permission

}

update_server: "http://evol.gitlab.io/clientdata/"

import: "conf/import/login-server.conf"