From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <242353c55a20c843fc4187646ca07360@coraid.com>
From: erik quanstrom
Date: Mon, 14 Apr 2008 12:13:22 -0400
To: 9fans@9fans.net
In-Reply-To: <6c5ae98825f18645410a8cf7ab4cf8a7@csplan9.rit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] standalone authserver on CF card
Topicbox-Message-UUID: 8dc5ae22-ead3-11e9-9d60-3106f5b1d025

this really helps us. i know that steve has a list of bad ftp users to reject out-of-hand, but this exponential backoff keeps the bad guys from bothering our auth server enough to notice. we still get quite a few connections, though - erik

/n/sources/plan9//sys/src/cmd/ip/ftpd.c:519,524 - ftpd.c:519,528
  int
  usercmd(char *name)
  {
+ static int usercmds = 1000;
+
+ if(usercmds <<= 1 > 2000)
+ sleep(usercmds);
  logit("user %s %s", name, nci->rsys);
  if(loggedin)
  return reply("530 Already logged in as %s", user);
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:537,542 - ftpd.c:541,548
  strcpy(user, "none");
  else if(anon_everybody)
  strcpy(user,"none");
+ if(strcmp(user, "Administrator") == 0)
+ return reply("530 no way jose");
  if(strcmp(user, "*none") == 0){
  if(!anon_ok)
  return reply("530 Not logged in: anonymous disallowed");
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:593,600 - ftpd.c:599,606
  ch->nresp = strlen(response);
  ai = auth_response(ch);
  if(ai == nil) {
- static long delay = 100;
-
+ static long delay = 1000;
+ hoser:
  sleep(delay); /* deter password-guessers */
  if (delay < 60*1000)
  delay *= 2;
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:601,607 - ftpd.c:607,613
  return reply("530 Not logged in: %r");
  }
  if(auth_chuid(ai, nil) < 0)
- return reply("530 Not logged in: %r");
+ goto hoser;
  auth_freechal(ch);
  ch = nil;
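Review bot: In the first hunk (usercmd), `if(usercmds <<= 1 > 2000)` parses as `usercmds <<= (1 > 2000)`, a shift by zero, because `>` binds tighter than `<<=`. usercmds therefore stays at 1000, the condition is always true, and every USER command sleeps a fixed one second instead of backing off exponentially. Parenthesising alone would let the static int double without bound until the signed shift overflows, so cap it the way the password delay in the third hunk is capped: `if(usercmds < 60*1000) usercmds <<= 1;` followed by `if(usercmds > 2000) sleep(usercmds);`. The body of usercmd continues outside the hunk.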
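Review bot: The `strcmp(user, "Administrator") == 0` test in the second hunk is an exact, case-sensitive match on one hard-coded name, so `administrator` or `ADMINISTRATOR` is not refused here and continues into the rest of the login path. `if(cistrcmp(user, "Administrator") == 0)` closes that gap. A short comment such as `/* never a valid account here; refuse without going to the auth server */` would record why the name is special, though that rationale is inferred from the message rather than from the code. If more names are to be refused, a small table walked in a loop is easier to audit than a growing chain of comparisons. The enclosing function starts and ends outside the hunk.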
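Review bot: `delay` in the third hunk is a function-local static, so the doubling from 1000 ms up to the 60 s cap only accumulates inside one ftpd process. If a separate ftpd is started for each connection (not visible here), a client that reconnects after every failure starts again at one second. That limit deserves a comment at the declaration, e.g. `/* per-process: throttles repeated guesses on one connection only */`. The `hoser:` label sits inside the `if(ai == nil)` block although its only visible user is outside it (fourth hunk), which the same comment should mention. The enclosing function extends beyond the hunk.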
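Review bot: `goto hoser` in the fourth hunk jumps backward into the body of `if(ai == nil)` while `ai` is non-nil, and that path then returns through the block's `reply("530 Not logged in: %r")` without releasing `ai`. The removed `return` did not free it either, but now that a failed auth_chuid is treated as a guess to be throttled and retried, each such failure appears to leak one AuthInfo unless it is freed elsewhere. Consider `if(auth_chuid(ai, nil) < 0){ auth_freeAI(ai); goto hoser; }`, or move the sleep-and-double step into a small static helper that both failure paths call, so no jump into a nested block is needed. Note that `%r` is now formatted after the sleep rather than directly after auth_chuid. The function's start and end are outside the hunk.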