private void ProcessPendingIPAddresses()
{
List <PendingIPAddress> ipAddresses;
lock (pendingIPAddresses)
{
ipAddresses = new List <PendingIPAddress>(pendingIPAddresses);
pendingIPAddresses.Clear();
}
foreach (PendingIPAddress p in ipAddresses)
{
string ipAddress = p.IPAddress;
string userName = p.UserName;
DateTime dateTime = p.DateTime;
if (config.IsWhiteListed(ipAddress))
{
Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
}
else
{
lock (ipAddressesAndBlockCounts)
{
// Get the IPBlockCount, if one exists.
if (!ipAddressesAndBlockCounts.TryGetValue(ipAddress, out IPBlockCount ipBlockCount))
{
// This is the first failed login attempt, so record a new IPBlockCount.
ipBlockCount = new IPBlockCount();
ipAddressesAndBlockCounts[ipAddress] = ipBlockCount;
}
// Increment the count.
ipBlockCount.IncrementCount();
Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, ipBlockCount.Count, userName);
// check for the target user name for additional blacklisting checks
bool blackListed = config.IsBlackListed(ipAddress) || (userName != null && config.IsBlackListed(userName));
// if the ip is black listed or they have reached the maximum failed login attempts before ban, ban them
if (blackListed || ipBlockCount.Count >= config.FailedLoginAttemptsBeforeBan)
{
// if they are not black listed OR this is the first increment of a black listed ip address, perform the ban
if (!blackListed || ipBlockCount.Count >= 1)
{
if (!ipAddressesAndBanDate.ContainsKey(ipAddress))
{
Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, ipBlockCount.Count);
ipAddressesAndBanDate[ipAddress] = dateTime;
// Run a process if one is in config
var programToRunConfigString = config.ProcessToRunOnBan(ipAddress);
if (!string.IsNullOrWhiteSpace(programToRunConfigString))
{
try
{
var firstSpaceIndex = programToRunConfigString.IndexOf(" ", StringComparison.Ordinal);
var program = programToRunConfigString.Substring(0, firstSpaceIndex);
var arguments = programToRunConfigString.Remove(0, firstSpaceIndex + 1);
Log.Write(LogLevel.Error, "Running program: {0} with arguments: {1}", program, arguments);
Process.Start(program, arguments);
}
catch (Exception e)
{
Log.Write(LogLevel.Error, "Failed to execute process on ban: {0}", e);
}
}
ExecuteBanScript();
}
}
else
{
Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
}
}
else if (ipBlockCount.Count > config.FailedLoginAttemptsBeforeBan)
{
Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, ipBlockCount.Count);
}
}
}
}
}
private void ProcessPendingIPAddresses()
{
List <PendingIPAddress> ipAddresses;
lock (pendingIPAddresses)
{
ipAddresses = new List <PendingIPAddress>(pendingIPAddresses);
pendingIPAddresses.Clear();
}
foreach (PendingIPAddress p in ipAddresses)
{
string ipAddress = p.IPAddress;
string userName = p.UserName;
DateTime dateTime = p.DateTime;
if (config.IsWhiteListed(ipAddress))
{
Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
}
else
{
lock (ipBlocker)
{
// Get the IPBlockCount, if one exists.
IPBlockCount ipBlockCount;
ipBlocker.TryGetValue(ipAddress, out ipBlockCount);
if (ipBlockCount == null)
{
// This is the first failed login attempt, so record a new IPBlockCount.
ipBlockCount = new IPBlockCount();
ipBlocker[ipAddress] = ipBlockCount;
}
// Increment the count.
ipBlockCount.IncrementCount();
Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, ipBlockCount.Count, userName);
// check for the target user name for additional blacklisting checks
bool blackListed = config.IsBlackListed(ipAddress) || (userName != null && config.IsBlackListed(userName));
// if the ip is black listed or they have reached the maximum failed login attempts before ban, ban them
if (blackListed || ipBlockCount.Count >= config.FailedLoginAttemptsBeforeBan)
{
// if they are not black listed OR this is the first increment of a black listed ip address, perform the ban
if (!blackListed || ipBlockCount.Count >= 1)
{
if (!ipBlockerDate.ContainsKey(ipAddress))
{
Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, ipBlockCount.Count);
ipBlockerDate[ipAddress] = dateTime;
ExecuteBanScript();
}
}
else
{
Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
}
}
else if (ipBlockCount.Count > config.FailedLoginAttemptsBeforeBan)
{
Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, ipBlockCount.Count);
}
}
}
}
}
private void ProcessIPAddress(string ipAddress, XmlDocument doc)
{
if (string.IsNullOrWhiteSpace(ipAddress))
{
return;
}
string userName = null;
XmlNode userNameNode = doc.SelectSingleNode("//Data[@Name='TargetUserName']");
if (userNameNode != null)
{
userName = userNameNode.InnerText.Trim();
}
if (config.IsWhiteListed(ipAddress))
{
Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
}
else
{
lock (ipBlocker)
{
// Get the IPBlockCount, if one exists.
IPBlockCount ipBlockCount;
ipBlocker.TryGetValue(ipAddress, out ipBlockCount);
if (ipBlockCount == null)
{
// This is the first failed login attempt, so record a new IPBlockCount.
ipBlockCount = new IPBlockCount();
ipBlocker[ipAddress] = ipBlockCount;
}
// Increment the count.
ipBlockCount.IncrementCount();
Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, ipBlockCount.Count, userName);
// check for the target user name for additional blacklisting checks
bool blackListed = config.IsBlackListed(ipAddress) || (userName != null && config.IsBlackListed(userName));
// if the ip is black listed or they have reached the maximum failed login attempts before ban, ban them
if (blackListed || ipBlockCount.Count >= config.FailedLoginAttemptsBeforeBan)
{
// if they are not black listed OR this is the first increment of a black listed ip address, perform the ban
if (!blackListed || ipBlockCount.Count >= 1)
{
if (!ipBlockerDate.ContainsKey(ipAddress))
{
Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, ipBlockCount.Count);
ipBlockerDate[ipAddress] = DateTime.UtcNow;
ExecuteBanScript();
}
}
else
{
Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
}
}
else if (ipBlockCount.Count > config.FailedLoginAttemptsBeforeBan)
{
Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, ipBlockCount.Count);
}
}
}
}
