From f99930c04b945fef3450082530c7482b4f2ef64a Mon Sep 17 00:00:00 2001 From: orbiter Date: Sun, 1 May 2005 23:31:21 +0000 Subject: [PATCH] fixed brute-force + peer-disconnect - Bug git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@75 6c8d7289-2bf4-0310-a012-ef5d649a1542 --- doc/News.html | 3 ++- htroot/MessageSend_p.java | 10 +++++++--- htroot/Wiki.java | 2 +- makerelease.sh | 1 + source/de/anomic/http/httpdFileHandler.java | 6 ++++-- source/de/anomic/server/serverCore.java | 22 +++++++++++++++------ source/de/anomic/yacy/yacySeedDB.java | 17 ++++++++++------ 7 files changed, 42 insertions(+), 19 deletions(-) diff --git a/doc/News.html b/doc/News.html index 1a04044e4..ee7d0beff 100644 --- a/doc/News.html +++ b/doc/News.html @@ -50,8 +50,9 @@ globalheader();
  • added a concept for external parsers; pdf an doc parser are integrated but not active yet.
  • fixed several bugs that caused thread-locks and 100% CPU load
  • fixed bug with cookie storage; changed handling of multiple cookies
  • +
  • fixed brute-force password attack denial
  • check on new peer names: must not occur already and may only contain letters, numbers and '_' or '-'.
  • -
  • many minor bug fixes and spell corrections in interface
  • +
  • many minor bug fixes and spell corrections in web-interface

  • v0.36_build20050326 diff --git a/htroot/MessageSend_p.java b/htroot/MessageSend_p.java index 7062db03b..deaeb752a 100644 --- a/htroot/MessageSend_p.java +++ b/htroot/MessageSend_p.java @@ -80,10 +80,11 @@ public class MessageSend_p { HashMap result = yacyClient.permissionMessage(hash); //System.out.println("DEBUG: permission request result = " + result.toString()); String peerName; + yacySeed targetPeer = null; if (hash.equals(yacyCore.seedDB.mySeed.hash)) { peerName = yacyCore.seedDB.mySeed.get("Name","nameless"); } else { - yacySeed targetPeer = yacyCore.seedDB.getConnected(hash); + targetPeer = yacyCore.seedDB.getConnected(hash); if (targetPeer == null) peerName = "nameless"; else @@ -92,14 +93,17 @@ public class MessageSend_p { String response = (result == null) ? "-1" : (String) result.get("response"); if ((response == null) || (response.equals("-1"))) { // we don't have permission or other peer does not exist - body += "

    You cannot send a message to '" + peerName + "'. The peer does not respond.

    "; + body += "

    You cannot send a message to '" + peerName + "'. The peer does not respond. It was now removed from the peer-list.

    "; + if (targetPeer != null) { + yacyCore.peerActions.disconnectPeer(targetPeer); + } } else { // write input form int messagesize = Integer.parseInt((String) result.get("messagesize")); int attachmentsize = Integer.parseInt((String) result.get("attachmentsize")); body += "

    The peer '" + peerName + "' is alive and responded:
    "; body += "'" + response + " You are allowed to send me a message ≤ " + messagesize + " kb and an attachment ≤ " + attachmentsize + ".'

    "; - body += "


    "; + body += "

    "; body += "

    Your Message

    "; body += "

    Subject:

    "; body += "

    Text:

    "; diff --git a/htroot/Wiki.java b/htroot/Wiki.java index 29c7676a8..7064b92cf 100644 --- a/htroot/Wiki.java +++ b/htroot/Wiki.java @@ -101,7 +101,7 @@ public class Wiki { try { prop.put("pagecontent", ""); prop.put("pageedit", - "" + + "" + //"" + "
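Review bot: The new failure branch calls `yacyCore.peerActions.disconnectPeer(targetPeer)` for every case the context comment describes as "we don't have permission or other peer does not exist", so a reachable peer that answers `-1` is dropped just like one that gave no result at all. The sentence "It was now removed from the peer-list." is also appended unconditionally, although the disconnect runs only when `targetPeer != null`; it stays null for the own hash and when `getConnected(hash)` returns null. I would disconnect only when `result == null` and append the removal sentence inside the `if (targetPeer != null)` block. Separately, `peerName` and `response` are concatenated into `body` as markup; the assignment of `peerName` for remote peers lies between the two hunks, but if it comes from the remote seed both values should be HTML-escaped before output.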

    Author:

    " + "

    Text:

    " + diff --git a/makerelease.sh b/makerelease.sh index a6eb1cb41..7395069b7 100755 --- a/makerelease.sh +++ b/makerelease.sh @@ -191,6 +191,7 @@ cp htroot/*.xml $release/htroot/ cp htroot/*.html $release/htroot/ cp htroot/*.java $release/htroot/ cp htroot/*.class $release/htroot/ +cp htroot/*.ico $release/htroot/ cp htroot/yacy/*.html $release/htroot/yacy/ cp htroot/yacy/*.java $release/htroot/yacy/ cp htroot/yacy/*.class $release/htroot/yacy/ diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java index 2be6344a5..61b337a88 100644 --- a/source/de/anomic/http/httpdFileHandler.java +++ b/source/de/anomic/http/httpdFileHandler.java @@ -230,13 +230,15 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http serverCore.bfHost.remove(conProp.getProperty("CLIENTIP")); } else { // a wrong authentication was given. Ask again - serverLog.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + conProp.getProperty("CLIENTIP", "unknown-IP") + "'"); + String clientIP = conProp.getProperty("CLIENTIP", "unknown-host"); + serverLog.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + clientIP + "'"); //try {Thread.currentThread().sleep(3000);} catch (InterruptedException e) {} // add a delay to make brute-force harder - serverCore.bfHost.put(conProp.getProperty("CLIENTIP"), "sleep"); + serverCore.bfHost.put(clientIP, "sleep"); out.write(("HTTP/1.1 401 log-in required\r\n").getBytes()); out.write(("WWW-Authenticate: Basic realm=\"admin log-in\"\r\n").getBytes()); out.write(("\r\n").getBytes()); out.flush(); + //System.out.println("httpd bfHosts=" + serverCore.bfHost.toString()); return; } } diff --git a/source/de/anomic/server/serverCore.java b/source/de/anomic/server/serverCore.java index 8d8b5a462..c361ff1b0 100644 --- a/source/de/anomic/server/serverCore.java 
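Review bot: The entry written with `serverCore.bfHost.put(clientIP, "sleep")` carries no timestamp or attempt count, and in the visible lines it is cleared only by `serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"))` after a correct log-in from the same address. One wrong password therefore leaves that address throttled indefinitely, and the map grows with every distinct failing address. The new default also files every request that lacks a `CLIENTIP` property under the shared key `unknown-host`, which the success path (still removing by the raw property) never clears. I would store the failure time as the value and have the accept loop ignore and evict entries older than a fixed window, and add a comment that the key must be the same string `serverCore.clientAddress` produces, since where `CLIENTIP` is set is not visible here. The enclosing method starts and ends outside the hunk.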
+++ b/source/de/anomic/server/serverCore.java
@@ -139,6 +139,15 @@ public final class serverCore extends serverAbstractThread implements serverThre
 }
 }
 }
+
+ public static String clientAddress(Socket s) {
+ InetAddress uAddr = s.getInetAddress();
+ if (uAddr.isAnyLocalAddress()) return "localhost";
+ String cIP = uAddr.getHostAddress();
+ if (cIP.equals("0:0:0:0:0:0:0:1")) cIP = "localhost";
+ if (cIP.equals("127.0.0.1")) cIP = "localhost";
+ return cIP;
+ }
 // class initializer
 public serverCore(int port, int maxSessions, int timeout,
@@ -299,19 +308,20 @@ public final class serverCore extends serverAbstractThread implements serverThre
 announceThreadBlockApply();
 Socket controlSocket = this.socket.accept();
 announceThreadBlockRelease();
- String clientIP = ""+controlSocket.getInetAddress().getHostAddress();
- if (bfHost.get(clientIP) != null) {
- log.logInfo("SLOWING DOWN ACCESS FOR BRUTE-FORCE PREVENTION FROM " + clientIP);
+ String cIP = clientAddress(controlSocket);
+ //System.out.println("server bfHosts=" + bfHost.toString());
+ if (bfHost.get(cIP) != null) {
+ log.logInfo("SLOWING DOWN ACCESS FOR BRUTE-FORCE PREVENTION FROM " + cIP);
 // add a delay to make brute-force harder
- try {Thread.currentThread().sleep(1000);} catch (InterruptedException e) {}
+ try {Thread.currentThread().sleep(3000);} catch (InterruptedException e) {}
 }
- if ((this.denyHost == null) || (this.denyHost.get(clientIP) == null)) {
+ if ((this.denyHost == null) || (this.denyHost.get(cIP) == null)) {
 controlSocket.setSoTimeout(this.timeout);
 Session connection = (Session) this.theSessionPool.borrowObject();
 connection.execute(controlSocket);
 //log.logDebug("* NEW SESSION: " + connection.request + " from " + clientIP);
 } else {
- System.out.println("ACCESS FROM " + clientIP + " DENIED");
+ System.out.println("ACCESS FROM " + cIP + " DENIED");
 }
 // idle until number of maximal threads is (again) reached
 //synchronized(this) {
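Review bot: `clientAddress` recognises loopback by comparing the textual address with two literals, which misses the rest of 127.0.0.0/8 and, possibly, an IPv6 loopback printed with a scope suffix, so the same local client could end up under different keys in `bfHost` and `denyHost`. `InetAddress` already answers the question: `if (uAddr.isAnyLocalAddress() || uAddr.isLoopbackAddress()) return "localhost";` replaces both string comparisons. `s.getInetAddress()` returns null for a socket that is not connected, so the method needs a null check before the first call or a documented precondition. As a public helper feeding the brute-force and deny lookups it should also carry a Javadoc comment, for example `/** Returns the peer address of s as a literal IP string, or "localhost" for loopback and wildcard addresses. */`.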
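Review bot: The 3-second `sleep` in the second hunk runs in the thread that has just returned from `this.socket.accept()`, before the connection is handed to a `Session`, so while it sleeps this loop accepts nothing else. If this is the only accepting thread, every connection from a flagged address delays all other clients as well, and the throttle penalises the whole server rather than only the failing host. The delay belongs in the per-connection worker that handles that socket, or the flagged connection should be closed without blocking the listener. The `catch (InterruptedException e) {}` also discards the interrupt; `Thread.currentThread().interrupt();` in the catch keeps a shutdown request visible. The loop body starts and ends outside the hunk.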
diff --git a/source/de/anomic/yacy/yacySeedDB.java b/source/de/anomic/yacy/yacySeedDB.java
index 5a0f28c6b..2d6764312 100644
--- a/source/de/anomic/yacy/yacySeedDB.java
+++ b/source/de/anomic/yacy/yacySeedDB.java
@@ -340,13 +340,15 @@ public class yacySeedDB {
 }
 public void addDisconnected(yacySeed seed) {
- if ((seed == null) || (!(seed.isProper()))) return;
- //seed.put("LastSeen", yacyCore.shortFormatter.format(new Date(yacyCore.universalTime())));
+ if (seed == null) return;
 try {
 nameLookupCache.remove(seed.getName());
- seedPassiveDB.set(seed.hash, seed.getMap());
 seedActiveDB.remove(seed.hash);
 seedPotentialDB.remove(seed.hash);
+ } catch (Exception e) {}
+ //seed.put("LastSeen", yacyCore.shortFormatter.format(new Date(yacyCore.universalTime())));
+ try {
+ seedPassiveDB.set(seed.hash, seed.getMap());
 } catch (IOException e) {
 System.out.println("ERROR add: seed.db corrupt (" + e.getMessage() + "); resetting seed.db");
 e.printStackTrace();
@@ -363,13 +365,16 @@ public class yacySeedDB {
 }
 public void addPotential(yacySeed seed) {
- if ((seed == null) || (!(seed.isProper()))) return;
- //seed.put("LastSeen", yacyCore.shortFormatter.format(new Date(yacyCore.universalTime())));
+ if (seed == null) return;
 try {
 nameLookupCache.remove(seed.getName());
- seedPotentialDB.set(seed.hash, seed.getMap());
 seedActiveDB.remove(seed.hash);
 seedPassiveDB.remove(seed.hash);
+ } catch (Exception e) {}
+ if (!(seed.isProper())) return;
+ //seed.put("LastSeen", yacyCore.shortFormatter.format(new Date(yacyCore.universalTime())));
+ try {
+ seedPotentialDB.set(seed.hash, seed.getMap());
 } catch (IOException e) {
 System.out.println("ERROR add: seed.db corrupt (" + e.getMessage() + "); resetting seed.db");
 e.printStackTrace();
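Review bot: `addDisconnected` no longer checks `seed.isProper()` before `seedPassiveDB.set(seed.hash, seed.getMap())`, whereas `addPotential` in the next hunk keeps the check in front of its `set`, so seed records that fail validation are now persisted to the passive table. If the difference is intended, a comment should say why; otherwise add `if (!(seed.isProper())) return;` before the second `try`, as `addPotential` does. Both hunks also wrap the cache and table removals in `catch (Exception e) {}`; these removals previously sat in the `try` whose `IOException` handler reports a corrupt seed.db, and a failure there is now silent, so the exception should at least be logged. Both method bodies continue past the hunks.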