author Jesusaves <cpntb1@ymail.com> 2020-12-27 17:31:40 -0300
committer Jesusaves <cpntb1@ymail.com> 2020-12-27 17:31:40 -0300
commit ddbf494719658dbb421401f2bdc2429db0df5a2d (patch)
tree 4cb7f80ddad6d8b166f4ebfb221cfd3d02809651 /README.md
parent f0a170e4a61e34ff13475c4ebb4638204db9a993 (diff)
Disclose about automatic bans, and make score rule read from consts.py
Move the TODO about dropping already established connections from server.py to security.py
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 21
1 files changed, 21 insertions, 0 deletions
diff --git a/README.md b/README.md
index ec85fd8..f777f69 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,8 @@ Fail2Ban will block harmful clients which could otherwise DoS your server.
See also their official website: https://www.fail2ban.org
+Major auth failures will be sent to syslog.
+
The server will read (one IP per line) the files called Z-Line, G-Line and K-Line
in this order during startup, and won't read them again at runtime.
They will issue "bans", which causes connection to be dropped right after being
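Review bot: the added line "Major auth failures will be sent to syslog." does not say which failures count as major, or under which syslog identifier and message format they are written, so a reader coming from the Fail2Ban paragraph just above it cannot write a filter that matches them. Suggest naming the identifier/facility and showing one sample log line, or pointing to the file where the message is built.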
@@ -74,12 +76,31 @@ Keep in mind that `kline` console command will write to K-Line.txt so
autogenerating data for it is not advised. All bans expire when server restarts,
except if they have been kline'd (or are otherwise listed on a -Line file.)
+Do note it do not support zones (eg. /24) nor does it support wildcards. Invalid
+lines will be stored to memory but will never trigger the ruleset. Thus the advise
+for an external properly configured firewall, the built-in measures are minimal,
+and just to act as a _last_ defense line against intruders - not an _only_.
+
Other suggestions (never tested):
* [Blocklist DE](blocklist.de) - IP-Addresses who attack other servers/honeypots over SSH, FTP, IMAP, etc.
* [SORBS NET](sorbs.net) - Open SOCKS proxy servers, etc
* [Spamhaus ORG](spamhaus.org) - Spamhaus blacklist (spammers, open proxies)
* [Proxy-List DOWNLOAD](www.proxy-list.download/) - List of SOCKS and HTTP proxies
+## Automatic bans
+
+The server has a "score" function in security. Sending invalid packets will cause
+your score to raise, and once it reaches a certain threshold, the connection will
+be killed and the user IP will be banned for a short while (BAN_TIME in consts.py)
+
+Different errors might influence the score differently depending on the severity.
+The threshold fluctuates depending if the user is logged in or not - for instance,
+sending a packet while logged out will most likely trigger the ban rules.
+
+For this reason, server admins are advised to tweak the values to their liking.
+The values are in consts.py and not in configure. Changing the score for each
+invalid operation must be done at the python file of the operations specifically.
+
# The client
The client should work out-of-the-box, but a few concerns are to be made.
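Review bot: in the paragraph added after the kline text, "Invalid lines will be stored to memory but will never trigger the ruleset" documents a silent failure: an admin who pastes a range such as a /24 entry into a -Line file gets no ban and no signal that the line was ignored. Suggest stating outright that only single IP addresses, one per line, are matched, and saying how an admin can tell a line was rejected (or noting that there is currently no such warning). In the new "Automatic bans" section, BAN_TIME is named but the threshold constant and the unit of BAN_TIME are not, and "sending a packet while logged out will most likely trigger the ban rules" reads as if any packet does so where the preceding paragraph talks about invalid packets; naming the constants and tightening that sentence would let admins tune the values as the last paragraph advises. Wording: "it do not support" should be "it does not support", "the advise" should be "the advice", and the sentence ending "(BAN_TIME in consts.py)" is missing its period.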