Add DoS protection ban

bitsd/server/handlers.py

@@ -14,6 +14,7 @@ from datetime import datetime, timedelta
 
 import json
 import markdown
+import time
 import tornado.auth
 import tornado.websocket
 from sqlalchemy import distinct
@@ -202,6 +203,8 @@ class StatusHandler(tornado.websocket.WebSocketHandler):
 
 class LoginPageHandler(BaseHandler):
     """Handle login browser requests for reserved area."""
+    IP_BANS = {}
+    BAN_TIME = 3600000
 
     def get(self):
         next = self.get_argument("next", "/")
@@ -222,14 +225,22 @@ class LoginPageHandler(BaseHandler):
 
         with session_scope() as session:
             try:
-                verified = verify(session, username, password, ip_address)
+                if ip_address in self.IP_BANS.keys():
+                    if time.time() > self.IP_BANS[ip_address] + self.BAN_TIME:
+                        verified = False
+                    else:
+                        verified = verify(session, username, password, ip_address)
+                        self.IP_BANS.pop(ip_address)
+                else:
+                    verified = verify(session, username, password, ip_address)
             except DoSError as error:
                 LOG.warning("DoS protection: %s", error)
                 self.log_offender_details()
+                self.IP_BANS[ip_address] = time.time()
                 self.render(
                     'templates/login.html',
                     next=next,
-                    message="Tentativi dal tuo IP over 9000...",
+                    message="Riscontrato errore DDoS, login disabilitato temporaneamente",
                 )
                 return