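/// <summary>
/// Drains the pending failed-login queue and, for each entry, bumps the per-address
/// failure count and bans the address once it is black listed or has reached
/// <c>config.FailedLoginAttemptsBeforeBan</c>.
/// </summary>
/// <remarks>
/// A new ban records the entry's timestamp in <c>ipAddressesAndBanDate</c>, optionally
/// starts the external program returned by <c>config.ProcessToRunOnBan</c>, and then calls
/// <c>ExecuteBanScript</c>. White listed addresses are logged and skipped.
/// </remarks>
private void ProcessPendingIPAddresses()
{
    List<PendingIPAddress> ipAddresses;

    // Snapshot and clear under the queue lock so that lock is held only for the copy.
    lock (pendingIPAddresses)
    {
        ipAddresses = new List<PendingIPAddress>(pendingIPAddresses);
        pendingIPAddresses.Clear();
    }

    foreach (PendingIPAddress p in ipAddresses)
    {
        string ipAddress = p.IPAddress;
        string userName = p.UserName;
        DateTime dateTime = p.DateTime;

        if (config.IsWhiteListed(ipAddress))
        {
            Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
        }
        else
        {
            // NOTE(review): the external program and ExecuteBanScript() both run while this lock
            // is held, so a slow ban action delays every other user of the lock.
            lock (ipAddressesAndBlockCounts)
            {
                // Get the IPBlockCount, if one exists.
                if (!ipAddressesAndBlockCounts.TryGetValue(ipAddress, out IPBlockCount ipBlockCount))
                {
                    // This is the first failed login attempt, so record a new IPBlockCount.
                    ipBlockCount = new IPBlockCount();
                    ipAddressesAndBlockCounts[ipAddress] = ipBlockCount;
                }

                // Increment the count.
                ipBlockCount.IncrementCount();

                Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, ipBlockCount.Count, userName);

                // A black listed address OR a black listed target user name bans immediately.
                bool blackListed = config.IsBlackListed(ipAddress) ||
                    (userName != null && config.IsBlackListed(userName));

                // if the ip is black listed or they have reached the maximum failed login attempts before ban, ban them
                if (blackListed || ipBlockCount.Count >= config.FailedLoginAttemptsBeforeBan)
                {
                    // NOTE(review): Count is read right after IncrementCount(); if that always leaves
                    // Count >= 1, this condition is always true and the else branch never runs - confirm.
                    if (!blackListed || ipBlockCount.Count >= 1)
                    {
                        // Only act on the first ban; an address already in the ban table is left alone.
                        if (!ipAddressesAndBanDate.ContainsKey(ipAddress))
                        {
                            Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, ipBlockCount.Count);
                            ipAddressesAndBanDate[ipAddress] = dateTime;

                            // Run a process if one is in config.
                            // NOTE(review): ipAddress is passed to ProcessToRunOnBan and presumably ends up
                            // in the command line. It comes from the pending entry and is not validated in
                            // this method, so confirm it is checked to be a well-formed IP address before
                            // it can reach Process.Start.
                            var programToRunConfigString = config.ProcessToRunOnBan(ipAddress);
                            if (!string.IsNullOrWhiteSpace(programToRunConfigString))
                            {
                                try
                                {
                                    // Trim first: a leading space would otherwise produce an empty program name.
                                    var commandLine = programToRunConfigString.Trim();
                                    var firstSpaceIndex = commandLine.IndexOf(" ", StringComparison.Ordinal);
                                    string program;
                                    string arguments;

                                    if (firstSpaceIndex < 0)
                                    {
                                        // No arguments configured. Substring(0, -1) would throw here, so a
                                        // bare program name was never started.
                                        program = commandLine;
                                        arguments = string.Empty;
                                    }
                                    else
                                    {
                                        // NOTE(review): splitting on the first space breaks a program path
                                        // that itself contains spaces.
                                        program = commandLine.Substring(0, firstSpaceIndex);
                                        arguments = commandLine.Substring(firstSpaceIndex + 1);
                                    }

                                    Log.Write(LogLevel.Error, "Running program: {0} with arguments: {1}", program, arguments);

                                    // Release the Process handle right away; disposing does not stop the child.
                                    Process.Start(program, arguments)?.Dispose();
                                }
                                catch (Exception e)
                                {
                                    // Best effort: a failing notification program must not prevent the ban itself.
                                    Log.Write(LogLevel.Error, "Failed to execute process on ban: {0}", e);
                                }
                            }

                            ExecuteBanScript();
                        }
                    }
                    else
                    {
                        Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
                    }
                }
                else if (ipBlockCount.Count > config.FailedLoginAttemptsBeforeBan)
                {
                    Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, ipBlockCount.Count);
                }
            }
        }
    }
}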
/// <summary>
/// Takes a snapshot of the pending failed-login entries, empties the queue, and for each
/// entry updates the failure count of its address, banning the address when it is black
/// listed or has reached <c>config.FailedLoginAttemptsBeforeBan</c>.
/// </summary>
/// <remarks>
/// A new ban stores the entry's timestamp in <c>ipBlockerDate</c> and calls
/// <c>ExecuteBanScript</c>. White listed addresses are only logged.
/// </remarks>
private void ProcessPendingIPAddresses()
{
    List<PendingIPAddress> batch;

    // Hold the queue lock only long enough to copy and clear it.
    lock (pendingIPAddresses)
    {
        batch = new List<PendingIPAddress>(pendingIPAddresses);
        pendingIPAddresses.Clear();
    }

    foreach (PendingIPAddress pending in batch)
    {
        string ipAddress = pending.IPAddress;
        string userName = pending.UserName;
        DateTime seenAt = pending.DateTime;

        if (config.IsWhiteListed(ipAddress))
        {
            Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
            continue;
        }

        lock (ipBlocker)
        {
            // Look up the counter for this address; a missing or null entry means first failure.
            IPBlockCount counter;
            ipBlocker.TryGetValue(ipAddress, out counter);
            if (counter == null)
            {
                counter = new IPBlockCount();
                ipBlocker[ipAddress] = counter;
            }

            counter.IncrementCount();
            Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, counter.Count, userName);

            // Either the address or the targeted user name being black listed counts.
            bool blackListed = config.IsBlackListed(ipAddress)
                || (userName != null && config.IsBlackListed(userName));

            bool banCandidate = blackListed || counter.Count >= config.FailedLoginAttemptsBeforeBan;
            if (!banCandidate)
            {
                if (counter.Count > config.FailedLoginAttemptsBeforeBan)
                {
                    Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, counter.Count);
                }

                continue;
            }

            // Not black listed, or the first increment of a black listed address: perform the ban.
            bool performBan = !blackListed || counter.Count >= 1;
            if (!performBan)
            {
                Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
                continue;
            }

            // An address already in the ban table is left untouched.
            if (ipBlockerDate.ContainsKey(ipAddress))
            {
                continue;
            }

            Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, counter.Count);
            ipBlockerDate[ipAddress] = seenAt;
            ExecuteBanScript();
        }
    }
}
/// <summary>
/// Records one failed-login event for <paramref name="ipAddress"/> and bans the address
/// when it is black listed or has reached <c>config.FailedLoginAttemptsBeforeBan</c>.
/// </summary>
/// <param name="ipAddress">Address taken from the event; null, empty or whitespace is ignored.</param>
/// <param name="doc">Event XML; its <c>TargetUserName</c> data node, when present, supplies the user name.</param>
/// <remarks>
/// A new ban stores <see cref="DateTime.UtcNow"/> in <c>ipBlockerDate</c> and calls
/// <c>ExecuteBanScript</c>. White listed addresses are only logged.
/// </remarks>
private void ProcessIPAddress(string ipAddress, XmlDocument doc)
{
    if (string.IsNullOrWhiteSpace(ipAddress))
    {
        return;
    }

    // The user name is optional; it is used for logging and for the user-name black list check.
    XmlNode targetUserNode = doc.SelectSingleNode("//Data[@Name='TargetUserName']");
    string userName = (targetUserNode == null) ? null : targetUserNode.InnerText.Trim();

    if (config.IsWhiteListed(ipAddress))
    {
        Log.Write(LogLevel.Info, "Ignoring whitelisted ip address {0}, user name: {1}", ipAddress, userName);
        return;
    }

    lock (ipBlocker)
    {
        // Look up the counter for this address; a missing or null entry means first failure.
        IPBlockCount counter;
        ipBlocker.TryGetValue(ipAddress, out counter);
        if (counter == null)
        {
            counter = new IPBlockCount();
            ipBlocker[ipAddress] = counter;
        }

        counter.IncrementCount();
        Log.Write(LogLevel.Info, "Incrementing count for ip {0} to {1}, user name: {2}", ipAddress, counter.Count, userName);

        // Either the address or the targeted user name being black listed counts.
        bool blackListed = config.IsBlackListed(ipAddress)
            || (userName != null && config.IsBlackListed(userName));

        bool banCandidate = blackListed || counter.Count >= config.FailedLoginAttemptsBeforeBan;
        if (!banCandidate)
        {
            if (counter.Count > config.FailedLoginAttemptsBeforeBan)
            {
                Log.Write(LogLevel.Warning, "Got event with ip address {0}, count {1}, ip should already be banned", ipAddress, counter.Count);
            }

            return;
        }

        // Not black listed, or the first increment of a black listed address: perform the ban.
        bool performBan = !blackListed || counter.Count >= 1;
        if (!performBan)
        {
            Log.Write(LogLevel.Info, "Ignoring previously banned black listed ip {0}, user name: {1}, ip should already be banned", ipAddress, userName);
            return;
        }

        // An address already in the ban table is left untouched.
        if (ipBlockerDate.ContainsKey(ipAddress))
        {
            return;
        }

        Log.Write(LogLevel.Error, "Banning ip address: {0}, user name: {1}, black listed: {2}, count: {3}", ipAddress, userName, blackListed, counter.Count);
        ipBlockerDate[ipAddress] = DateTime.UtcNow;
        ExecuteBanScript();
    }
}