[RELEASE] BruteForce Protection

Basser · 08/17/2010, 15:43

Hello.

I came up with the idea to create a class that will help you protect your server from brute force hackers. Chances aren't very big this will happen to you, but still, a good server should be prepared.
Well this release includes the base for it.

Explanation:
When a wrong password is entered, a new Entry is created, and added to a dictionary, every time a wrong password is entered, this entry will be updated and the TimesTried integer will increase by 1. When this integer reaches a maximum, which is integer MaxTrials in the Bruteforce class, the IP will be banned for 15 minutes.

Usage:
In the Main void (Load function) add Bruteforce.Start();
In your packet processor, check if the IP is banned, and also when a wrong password is used, so when the wrong password packet it sent, make sure it adds a trial for the IP connected.

Credits:
- InfamousNoone, I studied his sources before I made this, and I have a strong memory, so it did influence me for sure.

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;

namespace AuthServer.Protection
{
    /// <summary>
    /// Bruteforce Entry which holds all necessary information.
    /// </summary>
    public class BruteforceEntry
    {
        public string IPAddress;
        public int TimesTried;
        public DateTime Unbantime;
        public DateTime AddedTimeRemove;
    }

    public static class Bruteforce
    {
        public static int MaxTrials;
        public static IDictionary<string, BruteforceEntry> Entries = new Dictionary<string, BruteforceEntry>();

        private static readonly ThreadStart ThreadStart = ThreadExecute;

        private static void ThreadExecute()
        {
            while (true)
            {
                lock (Entries)
                {
                    DateTime now = DateTime.Now;
                    foreach(BruteforceEntry be in Entries.Values.ToList())
                    {
                        if (be.AddedTimeRemove <= now)
                            Entries.Remove(be.IPAddress);
                        else if (be.Unbantime <= now && be.Unbantime.Day == DateTime.Now.Day)
                            Entries.Remove(be.IPAddress);
                    }
                }
                Thread.Sleep(1500);
            }
        }

        /// <param name="value">Amount of false logins somebody can have before getting banned.</param>
        public static void Start(byte value = (byte) 11)
        {
            MaxTrials = value;
            new Thread(ThreadStart).Start();
        }

        public static void AddTry(string IPAddress)
        {
            lock (Entries)
            {
                BruteforceEntry be;
                if (!Entries.TryGetValue(IPAddress, out be))
                {
                    be = new BruteforceEntry
                             {
                                 IPAddress = IPAddress,
                                 AddedTimeRemove = DateTime.Now.AddMinutes(5),
                                 Unbantime = new DateTime()
                             };
                    Entries.Add(IPAddress, be);
                }
                else
                {
                    be.TimesTried++;
                    if (be.TimesTried >= MaxTrials)
                        be.Unbantime = DateTime.Now.AddMinutes(15);
                }
            }
        }

        public static bool IsBanned(string IPAddress)
        {
            bool isBanned = false;
            BruteforceEntry be;
            if (Entries.TryGetValue(IPAddress, out be))
                isBanned = (be.Unbantime.Day == DateTime.Now.Day);
            return isBanned;
        }
    }
}

- Do NOT PM me for help, if you cannot get it to work, post it here, I'm not a officer of leechure. (I made that word up, perhaps leechinity sounds better =P)
- Do press thanks if you like this to show your appreciation, it might just be the reason I will release more.
- Do ask questions in this thread if there are problems.
- You are allowed to modify this.

~Bas.

_DreadNought_ · 08/17/2010, 15:44

I just made Kayne west a happy boy!

~~µ~Xero~µ~~ · 08/17/2010, 17:16

Me too (its yuki)

CØĐ£Ř||Mã©hÍñє · 08/17/2010, 17:51

great thanks brother

.Beatz · 08/17/2010, 17:51

Good release Basser +k

~*NewDuuDe*~ · 08/17/2010, 20:15

Great release, mate. Seems someone forgot their e*pvp password? :P
Note to the guy above me: There isn't karma anymore.

Basser · 08/17/2010, 21:46

#EDIT:
I made a copy when iterating through it, cause else you might get an exception because you are modifying and iterating through a dictionary.

Sp!!ke · 08/17/2010, 22:13

great Basser

+k

Basser · 08/17/2010, 22:36

Quote:

Originally Posted by I<3Salad

Error: Default parameter spcifiers are not permitted

What .NET Framework are you using?
Either configure .NET Framework 4.0 to the project, or if you don't want to.

Just do this:

Code:

        public static void Start()
        {
            MaxTrials = 11;
            new Thread(ThreadStart).Start();
        }

Not the best way, but I don't want to post a huge edit.

.Beatz · 08/17/2010, 23:27

I know there is no Karma anymore lmao just showing my appreciation

Might implement this into my source

Basser · 08/18/2010, 20:52

Did anyone successfully use this code yet?

.Beatz · 08/18/2010, 21:42

Not yet. I am working out bugs and making sure things run fine before I add anything else

Basser · 08/19/2010, 21:51

Should I add anything?