-rw-r--r-- | consts.py | 1 | ||||
-rw-r--r-- | security.py | 45 | ||||
-rwxr-xr-x | server.py | 5 | ||||
-rw-r--r-- | utils.py | 6 |
4 files changed, 52 insertions, 5 deletions
@@ -100,6 +100,7 @@ CONN_LIFETIME =1800 CONN_CLEANUP =900.0 SQL_PINGTIME =1200.0 BL_UPDATETIME =30.0 +BAN_TIME =180.0 CLIENTVERSION ="2.0.6.18" # Hard coded loot (1,000~10,000) diff --git a/security.py b/security.py index a2d5a92..52c211d 100644 --- a/security.py +++ b/security.py @@ -18,13 +18,14 @@ ######################################################################################## # Adds an extra layer of security to the server # Really basic stuff, still better than nothing, though -import threading -from utils import now, stdout, dl_search -from consts import BL_UPDATETIME, INT_MAX +import threading, time, traceback +from utils import now, stdout, dl_search, ifte +from consts import BL_UPDATETIME, INT_MAX, BAN_TIME blacklist = [] ############################################################### +## Startup Methods # Import K-Line, G-Line and Z-Line try: f=open("Z-Line.txt", "r") 
@@ -57,17 +58,51 @@ except: stdout("Blacklist configuration:\n%s\n\n" % str(blacklist)) ############################################################################### +## Public Methods def is_banned(ip): global blacklist - print("Searching on blacklist") + #print("Searching on blacklist") bl=dl_search(blacklist, 0, ip) - print("Result: %s" % str(bl)) + print("Blacklist search result: %s" % str(bl)) if (bl != "ERROR"): return True else: return False +def ban_ip(ip, until=INT_MAX): + global blacklist + blacklist.append([ip, until]) + print("%s has been banned until %d." % (ip, until)) + return + +def score(conn, score): + #print("Score request: %d" % score) + conn.MS_score += score + + limit = ifte(conn.MS_auth, 30, 5) + print("Limit: %d" % limit) + print("Score: %d" % conn.MS_score) + + if (conn.MS_score >= limit): + stdout("Banning %s (%d/%d lame)" % (conn.address[0], conn.MS_score, limit)) + ban_ip(conn.address[0], now()+BAN_TIME) + time.sleep(0.1) + print("Closing connection!") + try: + conn.close(status=1000, reason="K-Lined") + except: + traceback.print_exc() + print("Failed to close, retrying...") + try: + conn.close(conn, status=1000, reason="K-Lined") + print("Connection closed!") + except: + traceback.print_exc() + print("Still failed! Connection was kept alive.") + return + ############################################################################### +## Private Methods def blacklist_update(): for ban in blacklist: if ban[1] < now(): @@ -44,6 +44,7 @@ class WebSocketConn(WebSocket): stdout("%s - %s" % (self.address[0], r[1])) syslog.syslog(LOG_AUTH, "%s - %s" % (self.address[0], r[1])) self.send_message("NACK\n") + security.score(self, 5) else: self.send_message(r[1]+"\n") @@ -73,6 +74,10 @@ class WebSocketConn(WebSocket): else: clients.append(self) + # Extend self class + self.MS_score = 0 + self.MS_auth = False + def handle_close(self): global clients """ 
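Review bot: The fallback close in `score()` cannot succeed. `conn.close(conn, status=1000, reason="K-Lined")` passes the connection a second time to what the first call treats as a bound method, so it should raise a TypeError for the duplicated `status` argument and always end in "Still failed! Connection was kept alive." That leaves a client that was just blacklisted on its existing socket. I would drop the retry, narrow the bare `except:` to `except Exception:`, and log a failed close as an error rather than accept it. Separately, `ban_ip()` appends to the module-level `blacklist` while `blacklist_update()` iterates the same list; the module imports `threading`, so if the update runs on a timer thread the append needs a lock, e.g. `with blacklist_lock: blacklist.append([ip, until])` with a new module-level `blacklist_lock`. The body of `blacklist_update` continues outside this hunk, so confirm before adding one.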
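Review bot: `security.score(self, 5)` on the NACK path bans on the first failure. `score()` in this commit uses a limit of 5 when `MS_auth` is false, so a single rejected request from an unauthenticated client blacklists its IP for `BAN_TIME` (180.0 in consts.py) and closes the socket. Because the ban key is `self.address[0]`, one mistyped login locks out every client that shares that address behind a NAT or proxy. Consider a smaller increment here, for example `security.score(self, 1)`, or a higher unauthenticated limit. No line in this diff sets `MS_auth` to True, so the 30-point limit looks unreachable unless that happens elsewhere; the enclosing handler starts and ends outside the hunk.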
@@ -30,6 +30,12 @@ for l in s: salt=l s.close() +def ifte(ifs, then, elses): + if (ifs): + return then + else: + return elses + def md5(string): return hashlib.md5(string.encode()).hexdigest() |
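Review bot: `ifte()` duplicates Python's conditional expression and has no docstring. Its only caller in this commit, `ifte(conn.MS_auth, 30, 5)` in security.py, reads more directly as `30 if conn.MS_auth else 5`. Unlike the built-in form, a function call evaluates both `then` and `elses` before choosing, which will surprise a later caller who passes an expression that has side effects or can raise. If the helper stays, give it a docstring that says so, e.g. `"""Return then if ifs is truthy, else elses; both arguments are always evaluated."""`.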