From 8fb98b7dc9a91b1eccfba74eaf0236467a754d9e Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Windows 11)" <rob@synchro.net>
Date: Thu, 14 Dec 2023 23:20:42 -0800
Subject: [PATCH] Log the time-span when ip-filtering a failed-login-attempter,
 adding to ip.can

---
 src/sbbs3/ftpsrvr.c  | 5 +++--
 src/sbbs3/login.cpp  | 5 +++--
 src/sbbs3/mailsrvr.c | 5 +++--
 src/sbbs3/services.c | 5 +++--
 src/sbbs3/websrvr.c  | 5 +++--
 5 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/sbbs3/ftpsrvr.c b/src/sbbs3/ftpsrvr.c
index b5835264b7..39361d47d0 100644
--- a/src/sbbs3/ftpsrvr.c
+++ b/src/sbbs3/ftpsrvr.c
@@ -1773,14 +1773,15 @@ static BOOL badlogin(SOCKET sock, CRYPT_SESSION sess, ulong* login_attempts
 	if(addr!=NULL) {
 		count=loginFailure(startup->login_attempt_list, addr, client->protocol, user, passwd, &attempt);
 		if (count > 1)
-			lprintf(LOG_NOTICE, "%04d [%s] !CONSECUTIVE UNIQUE FAILED LOGIN ATTEMPT #%lu in %d seconds"
+			lprintf(LOG_NOTICE, "%04d [%s] !CONSECUTIVE FAILED LOGIN ATTEMPT #%lu in %d seconds"
 				,sock, client->addr, count, attempt.time - attempt.first);
 		mqtt_user_login_fail(&mqtt, client, user);
 		if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold)
 			ftp_hacklog("FTP LOGIN", user, passwd, client->host, addr);
 		if(startup->login_attempt.filter_threshold && count>=startup->login_attempt.filter_threshold) {
 			char reason[128];
-			SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
+			snprintf(reason, sizeof reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu in %d seconds)"
+				,count, attempt.time - attempt.first);
 			filter_ip(&scfg, client->protocol, reason, client->host, client->addr, user, /* fname: */NULL);
 		}
 		if(count > *login_attempts)
diff --git a/src/sbbs3/login.cpp b/src/sbbs3/login.cpp
index 73a8dbaeb3..73e1fa8f3c 100644
--- a/src/sbbs3/login.cpp
+++ b/src/sbbs3/login.cpp
@@ -145,7 +145,7 @@ void sbbs_t::badlogin(const char* user, const char* passwd, const char* protocol
 	SAFEPRINTF(reason,"%s LOGIN", protocol);
 	count=loginFailure(startup->login_attempt_list, addr, protocol, user, passwd, &attempt);
 	if (count > 1)
-		lprintf(LOG_NOTICE, "!CONSECUTIVE UNIQUE FAILED LOGIN ATTEMPT #%lu in %d seconds", count, attempt.time - attempt.first);
+		lprintf(LOG_NOTICE, "!CONSECUTIVE FAILED LOGIN ATTEMPT #%lu in %d seconds", count, attempt.time - attempt.first);
 	mqtt_user_login_fail(mqtt, &client, user);
 	if(user!=NULL && startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
 		getnameinfo(&addr->addr, addr_len, host_name, sizeof(host_name), NULL, 0, NI_NAMEREQD);
@@ -159,7 +159,8 @@ void sbbs_t::badlogin(const char* user, const char* passwd, const char* protocol
 		char ipaddr[INET6_ADDRSTRLEN];
 		inet_addrtop(addr, ipaddr, sizeof(ipaddr));
 		getnameinfo(&addr->addr, addr_len, host_name, sizeof(host_name), NULL, 0, NI_NAMEREQD);
-		SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
+		snprintf(reason, sizeof reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu in %d seconds)"
+			,count, attempt.time - attempt.first);
 		filter_ip(&cfg, protocol, reason, host_name, ipaddr, user, /* fname: */NULL);
 	}
 
diff --git a/src/sbbs3/mailsrvr.c b/src/sbbs3/mailsrvr.c
index 630c5b28f5..36c0b332e4 100644
--- a/src/sbbs3/mailsrvr.c
+++ b/src/sbbs3/mailsrvr.c
@@ -978,7 +978,7 @@ static void badlogin(SOCKET sock, CRYPT_SESSION sess, const char* resp
 		SAFEPRINTF(reason,"%s LOGIN", client->protocol);
 		count=loginFailure(startup->login_attempt_list, addr, client->protocol, user, passwd, &attempt);
 		if (count > 1)
-			lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE UNIQUE FAILED LOGIN ATTEMPT #%lu in %d seconds"
+			lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE FAILED LOGIN ATTEMPT #%lu in %d seconds"
 				,sock, client->protocol, client->addr, count, attempt.time - attempt.first);
 		mqtt_user_login_fail(&mqtt, client, user);
 		if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
@@ -989,7 +989,8 @@ static void badlogin(SOCKET sock, CRYPT_SESSION sess, const char* resp
 #endif
 		}
 		if(startup->login_attempt.filter_threshold && count>=startup->login_attempt.filter_threshold) {
-			SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
+			snprintf(reason, sizeof reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu in %d seconds)"
+				,count, attempt.time - attempt.first);
 			filter_ip(&scfg, client->protocol, reason, client->host, client->addr, user, /* fname: */NULL);
 		}
 	}
diff --git a/src/sbbs3/services.c b/src/sbbs3/services.c
index ad2aa40fed..afd0254022 100644
--- a/src/sbbs3/services.c
+++ b/src/sbbs3/services.c
@@ -342,7 +342,7 @@ static void badlogin(SOCKET sock, char* user, char* passwd, client_t* client, un
 	SAFEPRINTF(reason,"%s LOGIN", client->protocol);
 	count=loginFailure(startup->login_attempt_list, addr, client->protocol, user, passwd, &attempt);
 	if (count > 1)
-		lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE UNIQUE FAILED LOGIN ATTEMPT #%lu in %d seconds"
+		lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE FAILED LOGIN ATTEMPT #%lu in %d seconds"
 			,sock, client->protocol, client->addr, count, attempt.time - attempt.first);
 	mqtt_user_login_fail(&mqtt, client, user);
 	if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
@@ -353,7 +353,8 @@ static void badlogin(SOCKET sock, char* user, char* passwd, client_t* client, un
 #endif
 	}
 	if(startup->login_attempt.filter_threshold && count>=startup->login_attempt.filter_threshold) {
-		SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
+		snprintf(reason, sizeof reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu in %d seconds)"
+			,count, attempt.time - attempt.first);
 		filter_ip(&scfg, client->protocol, reason, client->host, client->addr, user, /* fname: */NULL);
 	}
 
diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 385a425964..1ec8208248 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -1898,7 +1898,7 @@ static void badlogin(SOCKET sock, const char* user, const char* passwd, client_t
 	SAFEPRINTF(reason,"%s LOGIN", client->protocol);
 	count=loginFailure(startup->login_attempt_list, addr, client->protocol, user, passwd, &attempt);
 	if (count > 1)
-		lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE UNIQUE FAILED LOGIN ATTEMPT #%lu in %d seconds"
+		lprintf(LOG_NOTICE, "%04d %s [%s] !CONSECUTIVE FAILED LOGIN ATTEMPT #%lu in %d seconds"
 			,sock, client->protocol, client->addr, count, attempt.time - attempt.first);
 	mqtt_user_login_fail(&mqtt, client, user);
 	if(startup->login_attempt.hack_threshold && count>=startup->login_attempt.hack_threshold) {
@@ -1909,7 +1909,8 @@ static void badlogin(SOCKET sock, const char* user, const char* passwd, client_t
 #endif
 	}
 	if(startup->login_attempt.filter_threshold && count>=startup->login_attempt.filter_threshold) {
-		SAFEPRINTF(reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu)", count);
+		snprintf(reason, sizeof reason, "- TOO MANY CONSECUTIVE FAILED LOGIN ATTEMPTS (%lu in %d seconds)"
+			,count, attempt.time - attempt.first);
 		filter_ip(&scfg, client->protocol, reason
 			,client->host, client->addr, user, /* fname: */NULL);
 	}
-- 
GitLab