[SUCS Devel] [Git][sucssite/sso][master] 2 commits: Add IP address based rate limiting as well
Imran Hussain (@imranh)
imranh at sucs.org
Wed Dec 22 19:22:58 GMT 2021
Imran Hussain pushed to branch master at sucssite / sso
Commits:
8fe32126 by Imran Hussain at 2021-12-22T19:21:58+00:00
Add IP address based rate limiting as well
- - - - -
f11ef777 by Imran Hussain at 2021-12-22T19:22:56+00:00
Merge branch 'ip-ratelimit' into 'master'
Add IP address based rate limiting as well
See merge request sucssite/sso!1
- - - - -
1 changed file:
- public/index.php
Changes:
=====================================
public/index.php
=====================================
@@ -29,13 +29,24 @@ $SESSIONID = session_id();
// otherwise set them up
require "../lib/db.php";
+// Check if they have just cleared their cookie/session id and are trying to bypass the rate limiting
+// best we can do is IP ratelimit people
+$ipBan_result = $DB_CON->query("SELECT * FROM sessions WHERE ipaddr='${_SERVER["REMOTE_ADDR"]}' ORDER BY lastfailedlogintime DESC LIMIT 1");
+$ipBan_details = $ipBan_result->fetchArray();
+
+// if their last login attempt was less than 30 mins ago
+// 30 mins to really punish ban avoiders
+if ($ipBan_details["lastfailedlogintime"] <= strtotime("-30 minutes")) {
+ $RATELIMITED = true;
+}
+
$result = $DB_CON->query("SELECT * FROM sessions WHERE id='${SESSIONID}'");
$details = $result->fetchArray();
// if there's an entry then load that data otherwise
// otherwise make an entry
-if ( $details["id"] === $SESSIONID ) {
+if ( $details["id"] === $SESSIONID && !$RATELIMITED) {
//var_dump($details);
//echo time();
if ($details["sucs_username"] !== null) {
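Review bot: the condition `if ($ipBan_details["lastfailedlogintime"] <= strtotime("-30 minutes"))` is inverted relative to its own comment: `strtotime("-30 minutes")` is the timestamp thirty minutes ago, so `<=` is true when the most recent failed login from this IP is *older* than thirty minutes, and false for a failure five minutes ago, which is the case the limit is meant to catch. It also fires when no row matches, because `fetchArray()` returns `false`, the offset on it yields `null`, and `null <= <int>` compares as true, so clients with no failed-login history get flagged. Suggested form: `if ($ipBan_details !== false && $ipBan_details["lastfailedlogintime"] >= strtotime("-30 minutes"))`. Two further points on the same lines: `$RATELIMITED` is only ever set to `true` here, so unless it is initialised to `false` above line 29 the later `!$RATELIMITED` checks read an undefined variable on the non-limited path; and `${_SERVER["REMOTE_ADDR"]}` is interpolated straight into the query string. `REMOTE_ADDR` is supplied by the web server rather than the client, but a bound parameter (`$DB_CON->prepare("SELECT ... WHERE ipaddr = :ip ...")` with `bindValue(':ip', $_SERVER["REMOTE_ADDR"])`) removes the dependence on that assumption, and the same treatment is due for the `$SESSIONID` query just below. Note as well that behind a reverse proxy every client shares one `REMOTE_ADDR`, so this limit would then apply to all users at once.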
@@ -86,7 +97,7 @@ if ( isset($_POST["username"]) && isset($_POST["password"]) && !$RATELIMITED ) {
$DB_CON->exec("UPDATE sessions SET failedlogincount=${details['failedlogincount']}, lastfailedlogintime=strftime('%s','now') WHERE id='${SESSIONID}'");
}
-} elseif ( isset($_COOKIE["sucssite_session"]) ) {
+} elseif ( isset($_COOKIE["sucssite_session"]) && !$RATELIMITED) {
// found a sucssite_session
$legacySessionID = $_COOKIE["sucssite_session"];
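Review bot: with `$RATELIMITED` now decided before this chain, a rate-limited request that carries a legacy `sucssite_session` cookie skips this branch and falls through to the final `else`, which the hunk does not show; confirm that branch neither creates a fresh session row that resets `failedlogincount` nor reaches the password check, and that it is where the `ipaddr` column the new IP query depends on gets written, since nothing in this diff writes it. Rather than appending `&& !$RATELIMITED` to each branch condition, a single early exit before the chain, for example `if ($RATELIMITED) { http_response_code(429); exit; }`, gives the limit one enforcement point and makes it obvious what a limited client receives. The context line `UPDATE sessions SET failedlogincount=${details['failedlogincount']}, ... WHERE id='${SESSIONID}'` has the same string-interpolation pattern as the new query and would benefit from the same prepared-statement change.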
View it on GitLab: https://projects.sucs.org/sucssite/sso/-/compare/4fb0af28ac6f58927b0c10e0460013d01f7c97f7...f11ef777e3a670def4b55678f87d3bc2bd80a5a2