Block sign in attempt for X minutes when the user fails to sign in N times #2826

Closed
ameshkov opened this issue Mar 16, 2021 · 1 comment

@ameshkov
Member

This is a very simple thing to prevent brute-force attacks, and I suppose we should do that in v0.106.0 since there're already many public AGH servers.

Here's what needs to be done:

  1. Use a simple cache with eviction to store the IP addresses of users who're signing in. For instance: https://github.com/beefsack/go-rate
  2. If a user makes N unsuccessful attempts to sign in, block it for X minutes (N and X - configurable)
  3. Return a human-readable error: "the IP address is blocked for N minutes".

Default values:

  • maxAttempts = 5
  • blockSignInMinutes = 15
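
The three steps above as an added Go example, not the code from the AdGuard Home commits referenced below: it assumes a plain in-memory map with expiry instead of the go-rate package linked in step 1, and `Blocker`, `NewBlocker`, `SignIn` and the sample IP are hypothetical names and values. The caller verifies the password and passes the result in, so a blocked address is refused before the password is evaluated.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Blocker is a hypothetical per-IP sign-in limiter; every name here is an assumption.
type Blocker struct {
	mu      sync.Mutex
	max     int           // failed attempts allowed before blocking
	block   time.Duration // block length, also the lifetime of a cache entry
	entries map[string]entry
}
type entry struct{ failures int; expires time.Time }

func NewBlocker(maxAttempts int, block time.Duration) *Blocker {
	return &Blocker{max: maxAttempts, block: block, entries: map[string]entry{}}
}

// SignIn wraps a password check whose outcome the caller passes as passwordOK.
func (b *Blocker) SignIn(ip string, passwordOK bool, now time.Time) error {
	b.mu.Lock()
	defer b.mu.Unlock()
	for k, e := range b.entries { // evict expired entries so stale IPs do not pile up
		if !now.Before(e.expires) {
			delete(b.entries, k)
		}
	}
	e := b.entries[ip]
	if e.failures >= b.max { // blocked: refuse without evaluating the password
		mins := int((e.expires.Sub(now) + time.Minute - 1) / time.Minute) // round up
		return fmt.Errorf("the IP address is blocked for %d minutes", mins)
	}
	if !passwordOK { // count the failure and restart the entry's lifetime
		b.entries[ip] = entry{e.failures + 1, now.Add(b.block)}
		return errors.New("invalid username or password")
	}
	delete(b.entries, ip) // a successful sign-in resets the counter
	return nil
}

func main() {
	b := NewBlocker(5, 15*time.Minute) // the issue's default values
	for i := 0; i < 6; i++ {           // constructed IP; the sixth attempt is refused
		fmt.Println(b.SignIn("192.0.2.1", false, time.Now()))
	}
}
```

Attempts made while an address is blocked do not extend the block, and the full-map sweep on every call is linear in the number of tracked addresses.
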
@Aikatsui
Contributor

Duplicate of #675 #863 😉
(I think it's possible to implement #863 at the same time)

adguard pushed a commit that referenced this issue Apr 27, 2021
Merge in DNS/adguard-home from 2826-auth-block to master

Updates #2826.

Squashed commit of the following:

commit ae87360
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Apr 27 15:35:49 2021 +0300

    home: fix mistake

commit dfa2ab0
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Apr 27 15:31:53 2021 +0300

    home: imp code

commit ff4220d
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Apr 27 15:14:20 2021 +0300

    home: imp authratelimiter

commit c73a407
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Tue Apr 27 14:20:17 2021 +0300

    home: fix authratelimiter

commit 724db43
Author: Eugene Burkov <e.burkov@adguard.com>
Date:   Fri Apr 23 12:15:48 2021 +0300

    home: introduce auth blocker
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
Merge in DNS/adguard-home from 2826-auth-block to master

Updates AdguardTeam#2826.
