this really helps us. i know that steve has a list of bad
ftp users to reject out-of-hand, but this exponential backoff
keeps the bad guys from bothering our auth server enough to
notice. we still get quite a few connections, though
- erik
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:519,524 - ftpd.c:519,528
int
usercmd(char *name)
{
+ static int usercmds = 1000;
+
+ if(usercmds <<= 1 > 2000)
+ sleep(usercmds);
logit("user %s %s", name, nci->rsys);
if(loggedin)
return reply("530 Already logged in as %s", user);
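Review bot: The condition `usercmds <<= 1 > 2000` parses as `usercmds <<= (1 > 2000)` because `>` binds tighter than `<<=`, so the shift count is always 0, `usercmds` stays at 1000 and every USER command sleeps a flat second instead of backing off exponentially as the description intends. Parenthesise the assignment, `if((usercmds <<= 1) > 2000)`, and stop doubling at a ceiling the way the password path does with `if (delay < 60*1000)`, otherwise the `int` eventually overflows and the delay stops being meaningful. The sleep also runs before `logit`, so the log entry trails the actual command by the delay; calling `logit` first would keep the timestamps accurate. usercmd's body continues outside the hunk.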
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:537,542 - ftpd.c:541,548
strcpy(user, "none");
else if(anon_everybody)
strcpy(user,"none");
+ if(strcmp(user, "Administrator") == 0)
+ return reply("530 no way jose");
if(strcmp(user, "*none") == 0){
if(!anon_ok)
return reply("530 Not logged in: anonymous disallowed");
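Review bot: The `Administrator` check is an exact, case-sensitive `strcmp` against one hard-coded literal, so other capitalisations of the same name are not refused here; `if(cistrcmp(user, "Administrator") == 0)` would cover them. Since the description mentions an existing list of names to reject, a small table consulted at this point would be easier to maintain than one literal per commit. A short comment such as `/* frequently guessed account name; refused outright */` would record why the name is special. The enclosing function starts and ends outside the hunk.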
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:593,600 - ftpd.c:599,606
ch->nresp = strlen(response);
ai = auth_response(ch);
if(ai == nil) {
- static long delay = 100;
-
+ static long delay = 1000;
+ hoser:
sleep(delay); /* deter password-guessers */
if (delay < 60*1000)
delay *= 2;
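Review bot: The `hoser:` label sits inside the `if(ai == nil)` block, and the `goto hoser` added in the following hunk enters that block from the `auth_chuid` failure path, where `ai` is not nil. It works today because the block only sleeps, doubles `delay` and replies, but anything later added there on the assumption that `ai == nil` would also run for the other path. Moving the back-off into a small static helper called from both places keeps the shared delay without a jump into a nested block. The enclosing function starts and ends outside these hunks, so whether `ai` should be released on the `auth_chuid` failure path cannot be judged from here.

```c
/* shared back-off for any failed login step; delay doubles up to one minute */
static int
loginfail(void)
{
	static long delay = 1000;

	sleep(delay);	/* deter password-guessers */
	if(delay < 60*1000)
		delay *= 2;
	return reply("530 Not logged in: %r");
}

/* … unchanged: challenge/response setup … */
	ai = auth_response(ch);
	if(ai == nil)
		return loginfail();
	if(auth_chuid(ai, nil) < 0)
		return loginfail();
```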
/n/sources/plan9//sys/src/cmd/ip/ftpd.c:601,607 - ftpd.c:607,613
return reply("530 Not logged in: %r");
}
if(auth_chuid(ai, nil) < 0)
- return reply("530 Not logged in: %r");
+ goto hoser;
auth_freechal(ch);
ch = nil;