123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 |
- <?php
- if (!defined('GNUSOCIAL')) { exit(1); }
- class AntiBrutePlugin extends Plugin {
- const PLUGIN_VERSION = '2.0.0';
- protected $failed_attempts = 0;
- protected $unauthed_user = null;
- protected $client_ip = null;
- const FAILED_LOGIN_IP_SECTION = 'failed_login_ip';
- public function initialize()
- {
-
- $client_ip = common_client_ip();
- $this->client_ip = $client_ip[0] ?: $client_ip[1];
- }
- public function onStartCheckPassword($nickname, $password, &$authenticatedUser)
- {
- if (common_is_email($nickname)) {
- $this->unauthed_user = User::getKV('email', common_canonical_email($nickname));
- } else {
- $this->unauthed_user = User::getKV('nickname', Nickname::normalize($nickname));
- }
- if (!$this->unauthed_user instanceof User) {
-
- return true;
- }
- $this->failed_attempts = (int)$this->unauthed_user->getPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip);
- switch (true) {
- case $this->failed_attempts >= 5:
- common_log(LOG_WARNING, sprintf('Multiple failed login attempts for user %s from IP %s - brute force attack?',
- $this->unauthed_user->getNickname(), $this->client_ip));
-
- sleep($this->failed_attempts % 5 + 1);
- break;
- case $this->failed_attempts > 0:
- common_debug(sprintf('Previously failed login on user %s from IP %s - sleeping %u seconds.',
- $this->unauthed_user->getNickname(), $this->client_ip, $this->failed_attempts));
- sleep($this->failed_attempts);
- break;
- default:
-
- }
- return true;
- }
- public function onEndCheckPassword($nickname, $password, $authenticatedUser)
- {
- if ($authenticatedUser instanceof User) {
-
- $authenticatedUser->delPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip);
- return true;
- }
-
-
- if ($this->unauthed_user instanceof User) {
-
- common_debug(sprintf('Failed login tests for user %s from IP %s',
- $this->unauthed_user->getNickname(), $this->client_ip));
- $this->unauthed_user->setPref(self::FAILED_LOGIN_IP_SECTION, $this->client_ip, ++$this->failed_attempts);
- }
- return true;
- }
- public function onPluginVersion(array &$versions): bool
- {
- $versions[] = array('name' => 'AntiBrute',
- 'version' => self::PLUGIN_VERSION,
- 'author' => 'Mikael Nordfeldth',
- 'homepage' => 'http://gnu.io/',
- 'description' =>
-
- _m('Anti bruteforce method(s).'));
- return true;
- }
- }
|