summaryrefslogtreecommitdiff
path: root/conf/login/login-server.conf
blob: a3d0b69557868f3332533844c6db59f542b5a7c1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
//================= Hercules Configuration ================================
//=       _   _                     _
//=      | | | |                   | |
//=      | |_| | ___ _ __ ___ _   _| | ___  ___
//=      |  _  |/ _ \ '__/ __| | | | |/ _ \/ __|
//=      | | | |  __/ | | (__| |_| | |  __/\__ \
//=      \_| |_/\___|_|  \___|\__,_|_|\___||___/
//================= License ===============================================
//= This file is part of Hercules.
//= http://herc.ws - http://github.com/HerculesWS/Hercules
//=
//= Copyright (C) 2014-2018  Hercules Dev Team
//=
//= Hercules is free software: you can redistribute it and/or modify
//= it under the terms of the GNU General Public License as published by
//= the Free Software Foundation, either version 3 of the License, or
//= (at your option) any later version.
//=
//= This program is distributed in the hope that it will be useful,
//= but WITHOUT ANY WARRANTY; without even the implied warranty of
//= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
//= GNU General Public License for more details.
//=
//= You should have received a copy of the GNU General Public License
//= along with this program.  If not, see <http://www.gnu.org/licenses/>.
//=========================================================================
//= Login Server configuration file.
//=========================================================================

login_configuration: {
	// Login-server's console configuration
	@include "conf/global/console.conf"

	inter: {
		// The login server listens on the interface with this IP address.
		// NOTE: This allows you to run multiple servers on multiple interfaces
		// while using the same ports for each server.
		//bind_ip: "127.0.0.1"

		// Login Server Port
		login_port: 6900

		// Interval (in minutes) to execute a DNS/IP update. Disabled by default.
		// Enable it if your server uses a dynamic IP which changes with time.
		//ip_sync_interval: 10
	}

	log: {
		// To log the login server?
		// NOTE: The login-sql server needs the login logs to enable dynamic pass failure bans.
		log_login: true

		// Indicate how to display date in logs, to players, etc.
		date_format: "%Y-%m-%d %H:%M:%S"
	}

	// for packet version >= 20170726
	users_count: {
		// if false, dont show any colored strings.
		// if true, show special users count numbers for coloring char servers.
		send_user_count_description: true

		// users counts for use different colors.
		// below 'low' show green text
		// below 'medium' show oragne text
		// below 'high' show red text
		// higher 'high' show purple text
		low: 200
		medium: 500
		high: 1000
	}

	// Account engine configuration
	account: {
		// Can you use _M/_F to make new accounts on the server?
		new_account: true

		//If new_account is enabled, minimum length to userid and passwords should be 4?
		//Must be 'true' unless your client uses both 'Disable 4 LetterUserID/Password' Diffs
		new_acc_length_limit: true

		// Account registration flood protection system
		// allowed_regs is the number of registrations allowed in time_allowed (in seconds)
		allowed_regs: 1
		time_allowed: 10

		// Starting additional sec from now for the limited time at creation of account
		// -1: new account are created with UNlimited time (default value)
		// 0 or more: new accounts was created by addition of the value (in sec) to the actual time (to set first limited time)
		start_limited_time: -1

		// Store passwords as MD5 hashes instead of plaintext ?
		// NOTE: Will not work with clients that use <passwordencrypt>
		use_MD5_passwords: false

		// Account data engine storage configuration
		@include "conf/global/sql_connection.conf"

		//==================================================================
		// IP banning system
		//==================================================================
		ipban: {
			enabled: true

			// Interval (in seconds) to clean up expired IP bans. 0 = disabled. default = 60.
			// NOTE: Even if this is disabled, expired IP bans will be cleaned up on login server start/stop.
			// Players will still be able to login if an ipban entry exists but the expiration time has already passed.
			cleanup_interval: 60

			// SQL connection settings
			@include "conf/global/sql_connection.conf"

			// Dynamic password failure ipban system
			dynamic_pass_failure: {
				enabled: true

				// Interval in minutes between failed tries
				// Only failed tries between this interval will be accounted when banning
				ban_interval: 5

				// How many failures before adding a temporary ban entry?
				ban_limit: 7

				// Duration of the ban in minutes
				ban_duration: 5
			}
		} // login_configuration.account.ipban
	} // login_configuration.account

	permission: {
		// Required account group id to connect to server.
		// -1: disabled
		// 0 or more: group id
		group_id_to_connect: -1

		// Minimum account group id required to connect to server.
		// Will not function if group_id_to_connect config is enabled.
		// -1: disabled
		// 0 or more: group id
		min_group_id_to_connect: -1

		// Check The clientversion set in the clientinfo ?
		check_client_version: false

		// What version we would allow to connect? (if check_client_version is enabled)
		client_version_to_connect: 20

		//==================================================================
		// Client hash checking system
		//==================================================================
		// Note: see doc/md5_hashcheck.txt for more details.
		hash: {
			// Client MD5 hash check
			// If turned on, the login server will check if the client's hash matches
			// the value below, and will not connect tampered clients.
			enabled: false

			// Client MD5 hashes
			// The client with the specified hash can be used to log in by players with
			// a group_id equal to or greater than the given value.
			// If you specify 'disabled' as hash, players with a group_id greater than or
			// equal to the given value will be able to log in regardless of hash (and even
			// if their client does not send a hash at all.)
			MD5_hashes: (
			//{
			//	group_id: group id
			//	hash: client hash
			//},
			//{
			//	group_id: 0
			//	hash: "113e195e6c051bb1cfb12a644bb084c5"
			//},
			//{
			//	group_id: 10
			//	hash: "cb1ea78023d337c38e8ba5124e2338ae"
			//},
			//{
			//	group_id: 99
			//	hash: "disabled"
			//},
			)
		} // login_configuration.permission.hash

		DNS_blacklist: {
			// DNS Blacklist Blocking
			// If enabled, each incoming connection will be tested against the blacklists
			// on the specified dnsbl_servers
			enabled: false

			dnsbl_servers: (
				// Here are some free DNS Blacklist Services: http://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
				"bl.blocklist.de",        // IP-Addresses who attack other servers/honeypots over SSH, FTP, IMAP, etc.
				//"ircbl.ahbl.org",       // AHBL (open proxies, compromised machines, comment spammers)
				//"safe.dnsbl.sorbs.net", // All zones in dnsbl.sorbs.net except "recent" and "escalations"
				//"sbl-xbl.spamhaus.org", // Spamhaus blacklist (spammers, open proxies)
				"socks.dnsbl.sorbs.net",  // Open SOCKS proxy servers
				//"tor.ahbl.org",         // Current tor relay and exit nodes
			)
		} // login_configuration.DNS_blacklist
	} // login_configuration.permission
}

import: "conf/import/login-server.conf"