upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 27

Log bruteforce throttle and blocking

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2022-01-18 10:10:19 +01:00
parent a7eefa293e
commit c6d000f87f
No known key found for this signature in database
GPG key ID: 7076EA9751AACDDA
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
lib/private/Security/Bruteforce/Throttler.php
View file

@ -354,9 +354,20 @@ class Throttler {
public function sleepDelayOrThrowOnMax(string $ip, string $action = ''): int {
$delay = $this->getDelay($ip, $action);
if (($delay === self::MAX_DELAY_MS) && $this->getAttempts($ip, $action, 0.5) > self::MAX_ATTEMPTS) {
$this->logger->info('IP address blocked because it reached the maximum failed attempts in the last 30 minutes [action: {action}, ip: {ip}]', [
'action' => $action,
'ip' => $ip,
]);
// If the ip made too many attempts within the last 30 mins we don't execute anymore
throw new MaxDelayReached('Reached maximum delay');
}
if ($delay > 100) {
$this->logger->info('IP address throttled because it reached the attempts limit in the last 30 minutes [action: {action}, delay: {delay}, ip: {ip}]', [
'action' => $action,
'ip' => $ip,
'delay' => $delay,
]);
}
usleep($delay * 1000);
return $delay;
}