Пример #1
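        // Pause the calling thread when info.AttackCount exceeds 10, sleeping one
        // second per counted attempt. Returns immediately otherwise.
        // parameters:
        //      info    record whose AttackCount decides the delay; null means no delay
        public void DoDelay(UserNameInfo info)
        {
            if (info == null)
                return;

            if (info.AttackCount > 10)
            {
                // Multiplying in 32-bit arithmetic wraps once the count passes
                // int.MaxValue / 1000, which can hand Thread.Sleep a negative or
                // unrelated value. Clamp to int.MaxValue instead of wrapping.
                long nCount = (long)info.AttackCount;
                int nDelayMs = nCount > int.MaxValue / 1000
                    ? int.MaxValue
                    : (int)nCount * 1000;

                // NOTE(review): the delay grows with AttackCount and has no practical
                // upper bound, and it blocks the calling thread for its whole length.
                // If this runs on a request-handling thread, a flood of failed logins
                // can hold worker threads idle; consider a capped delay. Confirm the
                // intended maximum with the callers.
                Thread.Sleep(nDelayMs);
            }
        }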
Пример #2
        // Throttle the caller: once info.AttackCount is above 10, block the current
        // thread for AttackCount seconds. A null info, or a count of 10 or less,
        // causes no delay.
        // parameters:
        //      info    record carrying AttackCount; may be null
        public void DoDelay(UserNameInfo info)
        {
            bool bShouldDelay = info != null && info.AttackCount > 10;
            if (!bShouldDelay)
            {
                return;
            }

            // NOTE(review): the sleep is proportional to AttackCount with no cap and
            // runs on the calling thread; the 32-bit multiplication can also wrap for
            // very large counts. Confirm callers can tolerate long blocking here.
            int nMilliseconds = 1000 * (int)info.AttackCount;
            Thread.Sleep(nMilliseconds);
        }
Пример #3
        // Routine check performed before a login attempt
        // parameters:
        //      strUserName     user name presented for login; first half of the lookup key
        //      strClientIP     client IP address; second half of the lookup key
        //      strError        [out] refusal text when -1 is returned, otherwise ""
        // return:
        //      -1  login is refused for now (strError explains why)
        //      0   no record exists for this user name / IP pair, or no block is in effect
        public int BeforeLogin(string strUserName,
                               string strClientIP,
                               out string strError)
        {
            strError = "";

            string strKey = strUserName + "|" + strClientIP;

            // Only the table lookup happens under the read lock; the fields of the
            // record are read after the lock has been released.
            UserNameInfo entry;
            this.m_lock.EnterReadLock();
            try
            {
                entry = _table[strKey] as UserNameInfo;
            }
            finally
            {
                this.m_lock.ExitReadLock();
            }

            if (entry == null)
            {
                return 0;
            }

            // Above the failure threshold and still inside the penalty window:
            // the message says the pair is on the monitoring list and may not call Login().
            if (entry.AttackCount > FailCount && DateTime.Now < entry.RetryTime)
            {
                strError = "前端 用户名 '" + strUserName + "' IP地址 '" + strClientIP
                           + "' 因登录失败的次数太多,已被 " + this.ServerName
                           + " 列入监控名单,禁止使用 Login() API";
                // NOTE(review): Thread.Sleep treats an int argument as milliseconds;
                // confirm the unit of ShortPauseTicks despite its name.
                Thread.Sleep(ShortPauseTicks);
                return -1;
            }

            // Any other record whose RetryTime is still in the future:
            // the message says login is temporarily disabled and gives the retry time.
            if (DateTime.Now < entry.RetryTime)
            {
                strError = "前端 用户名 '" + strUserName + "' IP地址 '" + strClientIP
                           + "' 登录操作被暂时禁止。请于 " + entry.RetryTime.ToShortTimeString()
                           + " 以后重试登录";
                Thread.Sleep(ShortPauseTicks);
                return -1;
            }

            return 0;
        }
Пример #4
        // parameters:
        //      nLoginResult    1: success; 0: incorrect user name or password; -1: error
        //      strUserName     user name that was used for the login attempt
        //      strClientIP     client IP address; with strUserName it forms the table key
        // return:
        //      null    the login succeeded (any record for the key has been removed)
        //      ""      the attempt was counted but no block text was produced
        //      other   text describing the temporary block that was just set or extended
        public string AfterLogin(string strUserName,
            string strClientIP,
            int nLoginResult)
        {
            string strKey = strUserName + "|" + strClientIP;

            UserNameInfo entry;
            this.m_lock.EnterWriteLock();
            try
            {
                entry = _table[strKey] as UserNameInfo;

                // A successful login clears the record, if there is one, and ends here
                if (nLoginResult == 1)
                {
                    if (entry != null)
                        _table.Remove(strKey);
                    return null;
                }

                // First non-successful attempt for this key: start a new record.
                // NOTE(review): in this method a record is only removed on a successful
                // login; confirm that stale records are expired elsewhere, otherwise
                // attempts with many distinct user names keep growing the table.
                if (entry == null)
                {
                    entry = new UserNameInfo
                    {
                        UserName = strUserName,
                        ClientIP = strClientIP,
                        AttackStart = DateTime.Now
                    };
                    _table[strKey] = entry;
                }

                // Counted for nLoginResult 0 and -1 alike
                entry.AttackCount++;
            }
            finally
            {
                this.m_lock.ExitWriteLock();
            }

            // Only a wrong user name or password (0) leads to a penalty and a pause
            if (nLoginResult != 0)
                return "";

            string strLogText = "";
            if (entry.AttackCount > FailCount)
            {
                // Extend from the previous end time while it is still in the future,
                // otherwise start from the current time. A RetryTime that was never
                // set is DateTime.MinValue, which is never later than now, so it
                // takes the "start from now" path as well.
                DateTime now = DateTime.Now;
                DateTime baseTime = entry.RetryTime > now ? entry.RetryTime : now;
                entry.RetryTime = baseTime + this.PauseTime;

                // Text: user name / IP, when the attempts started, how many failures,
                // and until when login is disabled.
                // NOTE(review): strUserName and strClientIP are embedded verbatim;
                // if the caller writes this text to a log, control characters in
                // them should be neutralised there. Confirm against the caller.
                strLogText = "前端 用户名 '" + strUserName + "' IP地址 '" + strClientIP
                    + "' 从 " + entry.AttackStart.ToString()
                    + " 开始试探登录失败达 " + entry.AttackCount
                    + " 次,被暂时禁用登录功能,直到 " + entry.RetryTime.ToString();
            }

            // Short pause after every failed credential check
            Thread.Sleep(ShortPauseTicks);
            return strLogText;
        }
Пример #5
        // parameters:
        //      nLoginResult    1: success; 0: incorrect user name or password; -1: error
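        //      strUserName     user name that was used for the login attempt
        //      strClientIP     client IP address; with strUserName it forms the table key
        // return:
        //      null    the login succeeded (any record for the key has been removed)
        //      ""      the attempt was counted but no block text was produced
        //      other   text stating until when login is disabled for the client IP
        public string AfterLogin(string strUserName,
            string strClientIP,
            int nLoginResult)
        {
            string strLogText = "";

            UserNameInfo info = null;
            string strKey = strUserName + "|" + strClientIP;
            this.m_lock.EnterWriteLock();
            try
            {
                info = _table[strKey] as UserNameInfo;
                if (info == null)
                {
                    // Nothing recorded and the login succeeded: nothing to do
                    if (nLoginResult == 1)
                        return null;

                    // First non-successful attempt for this key: start a record.
                    // NOTE(review): in this method a record is only removed on a
                    // successful login; confirm stale records are expired elsewhere.
                    info = new UserNameInfo();
                    info.UserName = strUserName;
                    info.ClientIP = strClientIP;
                    info.AttackStart = DateTime.Now;
                    _table[strKey] = info;
                }
                else
                {
                    // A successful login clears the existing record
                    if (nLoginResult == 1)
                    {
                        _table.Remove(strKey);
                        return null;
                    }
                }

                // info is always non-null here; counted for result 0 and -1 alike
                info.AttackCount++;
            }
            finally
            {
                this.m_lock.ExitWriteLock();
            }

            if (nLoginResult == 0)
            {
                if (info.AttackCount > FailCount)
                {
                    // Each further failure adds one PauseTime of penalty.
                    // The base is the previous end time only while that time is still
                    // in the future. Extending an already expired (or never set)
                    // RetryTime would leave the new value in the past, so the block
                    // would not take effect; those cases start from the current time.
                    // PauseTime is used for the first penalty too, instead of a
                    // hard-coded ten minutes, so the configured period applies throughout.
                    DateTime now = DateTime.Now;
                    if (info.RetryTime > now)
                        info.RetryTime += this.PauseTime;
                    else
                        info.RetryTime = now + this.PauseTime;

                    // Text: the client IP is temporarily barred from login until RetryTime
                    strLogText = "前端 [" + strClientIP + "] 被暂时禁用登录功能,直到 " + info.RetryTime.ToString();
                }

                // Short pause after every failed credential check.
                // NOTE(review): Thread.Sleep treats an int argument as milliseconds;
                // confirm the unit of ShortPauseTicks despite its name.
                Thread.Sleep(ShortPauseTicks);
            }

            return strLogText;
        }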
Пример #6
        // parameters:
        //      nLoginResult    1: success; 0: incorrect user name or password; -1: error
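        //      strUserName     user name that was used for the login attempt
        //      strClientIP     client IP address; with strUserName it forms the table key
        // return:
        //      null    the login succeeded (any record for the key has been removed)
        //      ""      the attempt was counted but no block text was produced
        //      other   text describing the temporary block that was just set or extended
        public string AfterLogin(string strUserName,
                                 string strClientIP,
                                 int nLoginResult)
        {
            string strLogText = "";
            bool   bPause     = false;
            string strKey     = strUserName + "|" + strClientIP;

            this.m_lock.EnterWriteLock();
            try
            {
                UserNameInfo info = _table[strKey] as UserNameInfo;

                // A successful login clears the record, if there is one, and ends here
                if (nLoginResult == 1)
                {
                    if (info != null)
                    {
                        _table.Remove(strKey);
                    }
                    return(null);
                }

                // First non-successful attempt for this key: start a record.
                // NOTE(review): in this method a record is only removed on a
                // successful login; confirm stale records are expired elsewhere.
                if (info == null)
                {
                    info             = new UserNameInfo();
                    info.UserName    = strUserName;
                    info.ClientIP    = strClientIP;
                    info.AttackStart = DateTime.Now;
                    _table[strKey]   = info;
                }

                // Counted for nLoginResult 0 and -1 alike
                info.AttackCount++;

                if (nLoginResult == 0)
                {
                    bPause = true;

                    // The threshold check and the RetryTime update stay inside the
                    // write lock. Done after the lock is released, two concurrent
                    // failures for the same key can interleave their read-modify-write
                    // of RetryTime and lose one penalty extension.
                    // NOTE(review): code that reads RetryTime or AttackCount without
                    // holding m_lock still sees these fields unsynchronised; confirm.
                    if (info.AttackCount > FailCount)
                    {
                        if (info.RetryTime == new DateTime(0))
                        {
                            // First penalty for this record
                            info.RetryTime = DateTime.Now + this.PauseTime;
                        }
                        else
                        {
                            // Each further failure adds one PauseTime of penalty
                            // (the original comment describes it as ten minutes)
                            DateTime now = DateTime.Now;
                            if (info.RetryTime > now)
                            {
                                // Previous end time is still ahead: extend from it
                                info.RetryTime += this.PauseTime;
                            }
                            else
                            {
                                // Previous block has expired: start from the current time
                                info.RetryTime = now + this.PauseTime;
                            }
                        }

                        // Text: user name / IP, when the attempts started, how many
                        // failures, and until when login is disabled.
                        // NOTE(review): strUserName and strClientIP are embedded
                        // verbatim; if the caller writes this text to a log, control
                        // characters in them should be neutralised there.
                        strLogText = "前端 用户名 '" + strUserName + "' IP地址 '" + strClientIP + "' 从 " + info.AttackStart.ToString() + " 开始试探登录失败达 " + info.AttackCount + " 次,被暂时禁用登录功能,直到 " + info.RetryTime.ToString();
                    }
                }
            }
            finally
            {
                this.m_lock.ExitWriteLock();
            }

            // The pause runs outside the lock so other logins are not held up by it
            if (bPause)
            {
                Thread.Sleep(ShortPauseTicks);
            }

            return(strLogText);
        }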