spring / uberserver

uberserver, a matchmaking/chat lobby server for the spring rts project
https://springrts.com/wiki/Uberserver

IRC clients spamming login attempts #315

Closed nixtux closed 5 years ago

nixtux commented 5 years ago

[16:25] -irc.springrts.com- *** Login denied on lobby server (You are banned: (login/registration spam), 29 days remaining)

Current system seems a bit too overzealous, by irc client auto reconnects every 5 sec. Also should moderators not be immune to auto system bans?

silentwings commented 5 years ago

I've removed the ban that caused this but I'm unsure if this was the result of a bug in uberserver or not.

The ip 78.46.100.157 was banned (manually, by me) due to spamming hundreds of login attempts with incorrect username and password, which looked suspiciously brute force-ish - the username used was AndroUser2. Is that your connection attempts? Or perhaps this IP relates to the whole IRC bridge?

e.g.

2019-02-16 00:17:03 INFO  Protocol.out_DENIED:3176  [934] Failed to log in user <AndroUser2>: Invalid username or password (1/3)
2019-02-16 00:19:09 INFO  Protocol.out_DENIED:3176  [936] Failed to log in user <AndroUser2>: Invalid username or password (1/3)
2019-02-16 00:19:14 INFO  Protocol.out_DENIED:3176  [937] Failed to log in user <AndroUser2>: Invalid username or password (2/3)
2019-02-16 00:22:39 INFO  Protocol.out_DENIED:3176  [941] Failed to log in user <AndroUser2>: Invalid username or password (3/3)

nixtux commented 5 years ago

I think it's my connect attempts, well my irc client trying to use a second user name if first fails.

silentwings commented 5 years ago

I'm still not sure exactly what's wrong here

> irc client auto reconnects every 5 sec.

Does it do this even if you are logged in?

abma commented 5 years ago

78.46.100.157 is springrts.com :-)

silentwings commented 5 years ago

I think there are no issues with the automated rate limiters (per IP for registration attempts, per username for logins) and the current IRC bridge.

In any case, the plan is for IRC to go via Spring's matrix server and new bridge interface.

silentwings commented 5 years ago

unfortunately this relates to the IRC protocol translation and not the "true" bridge - so this issue still stands

a few IRC clients spam hundreds of failing login attempts (on 5 second repeat), often without even a valid username

this pollutes logfiles

abma commented 5 years ago

https://springrts.com/phpbb/viewtopic.php?f=71&t=39345

silentwings commented 5 years ago

probably best not to change anything here (sadly)
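
Added example, not part of the original thread or of uberserver's code: a small log triage script that reads `Protocol.out_DENIED` lines in the layout quoted above and reports usernames whose failed logins cluster inside a sliding time window. The function names, the window and threshold values, and the reading of the bracketed number as a per-connection session id are assumptions made for this example; input is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line layout copied from the log excerpt quoted in the thread.
DENIED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+INFO\s+Protocol\.out_DENIED:\d+\s+"
    r"\[(?P<session>\d+)\] Failed to log in user <(?P<user>[^>]*)>: .*$"
)

def parse_denied(line):
    """Return (timestamp, session_id, username) for a failed-login line, else None."""
    m = DENIED_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    return ts, int(m["session"]), m["user"]  # session id meaning is an assumption

def flag_login_spam(lines, window=timedelta(minutes=10), threshold=4):
    """Map username -> (peak failures in any window, distinct sessions) at or above threshold."""
    recent = defaultdict(deque)    # username -> timestamps still inside the window
    peak = defaultdict(int)        # username -> largest window count seen so far
    sessions = defaultdict(set)    # username -> bracketed ids seen on failures
    for line in lines:
        parsed = parse_denied(line)
        if parsed is None:
            continue               # not a failed-login line
        ts, session, user = parsed
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        peak[user] = max(peak[user], len(q))
        sessions[user].add(session)
    return {u: (peak[u], len(sessions[u])) for u in peak if peak[u] >= threshold}

# First four lines are quoted from the thread; the last two are constructed for this example.
SAMPLE = """\
2019-02-16 00:17:03 INFO  Protocol.out_DENIED:3176  [934] Failed to log in user <AndroUser2>: Invalid username or password (1/3)
2019-02-16 00:19:09 INFO  Protocol.out_DENIED:3176  [936] Failed to log in user <AndroUser2>: Invalid username or password (1/3)
2019-02-16 00:19:14 INFO  Protocol.out_DENIED:3176  [937] Failed to log in user <AndroUser2>: Invalid username or password (2/3)
2019-02-16 00:22:39 INFO  Protocol.out_DENIED:3176  [941] Failed to log in user <AndroUser2>: Invalid username or password (3/3)
2019-02-16 00:30:00 INFO  Protocol.out_DENIED:3176  [950] Failed to log in user <ExampleUser>: Invalid username or password (1/3)
2019-02-16 00:31:00 INFO  constructed line that is not a failed login
""".splitlines()

if __name__ == "__main__":
    for user, (count, nsessions) in flag_login_spam(SAMPLE).items():
        print(f"{user}: {count} failed logins in window across {nsessions} sessions")
```

Collapsing repeats this way gives one summary row per username instead of hundreds of near-identical log lines, which is the logfile pollution the thread describes.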