Skip to content
Snippets Groups Projects
Commit 1e9d5c2c authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Treat every login failure with no password available as unique

When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
parent ade7841e
No related branches found
No related tags found
1 merge request!463MRC mods by Codefenix (2024-10-20)
......@@ -3253,7 +3253,7 @@ ulong loginFailure(link_list_t* list, const union xp_sockaddr* addr, const char*
if((node=login_attempted(list, addr)) != NULL) {
attempt=node->data;
/* Don't count consecutive duplicate attempts (same name and password): */
if((user!=NULL && strcmp(attempt->user,user)==0) && (pass==NULL || strcmp(attempt->pass,pass)==0))
if((user!=NULL && strcmp(attempt->user,user)==0) && (pass!=NULL && strcmp(attempt->pass,pass)==0))
attempt->dupes++;
}
SAFECOPY(attempt->prot,prot);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment