aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Wild <mwild1@gmail.com>2009-01-11 07:09:25 +0000
committerMatthew Wild <mwild1@gmail.com>2009-01-11 07:09:25 +0000
commit7bd422b3881a111edbb069435c72225d71264e7a (patch)
tree7a38ca1741713eef198663d130f32198e20f6491
parent937375dda1377019b4f592b6f9cea9103cdbd967 (diff)
downloadprosody-7bd422b3881a111edbb069435c72225d71264e7a.tar.gz
prosody-7bd422b3881a111edbb069435c72225d71264e7a.zip
Added rate limiting to in-band registration, and added IP [black/white]lists
-rw-r--r--plugins/mod_register.lua29
1 files changed, 29 insertions, 0 deletions
diff --git a/plugins/mod_register.lua b/plugins/mod_register.lua
index 377bf153..250be65d 100644
--- a/plugins/mod_register.lua
+++ b/plugins/mod_register.lua
@@ -23,6 +23,7 @@ local st = require "util.stanza";
local usermanager_user_exists = require "core.usermanager".user_exists;
local usermanager_create_user = require "core.usermanager".create_user;
local datamanager_store = require "util.datamanager".store;
+local os_time = os.time;
module:add_feature("jabber:iq:register");
@@ -93,6 +94,14 @@ module:add_iq_handler("c2s", "jabber:iq:register", function (session, stanza)
end;
end);
+local recent_ips = {};
+local min_seconds_between_registrations = config.get(module.host, "core", "min_seconds_between_registrations");
+local whitelisted_ips = config.get(module.host, "core", "registration_whitelist") or { "127.0.0.1" };
+local blacklisted_ips = config.get(module.host, "core", "registration_blacklist") or {};
+
+for _, ip in ipairs(whitelisted_ips) do whitelisted_ips[ip] = true; end
+for _, ip in ipairs(blacklisted_ips) do blacklisted_ips[ip] = true; end
+
module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, stanza)
if config.get(module.host, "core", "allow_registration") == false then
session.send(st.error_reply(stanza, "cancel", "service-unavailable"));
@@ -112,6 +121,26 @@ module:add_iq_handler("c2s_unauthed", "jabber:iq:register", function (session, s
local username = query:child_with_name("username");
local password = query:child_with_name("password");
if username and password then
+ -- Check that the user is not blacklisted or registering too often
+ if blacklisted_ips[session.ip] then
+ session.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+ return;
+ elseif min_seconds_between_registrations and not whitelisted_ips[session.ip] then
+ if not recent_ips[session.ip] then
+ recent_ips[session.ip] = { time = os_time(), count = 1 };
+ else
+
+ local ip = recent_ips[session.ip];
+ ip.count = ip.count + 1;
+
+ if os_time() - ip.time < min_seconds_between_registrations then
+ ip.time = os_time();
+ session.send(st.error_reply(stanza, "cancel", "not-acceptable"));
+ return;
+ end
+ ip.time = os_time();
+ end
+ end
-- FIXME shouldn't use table.concat
username = table.concat(username);
password = table.concat(password);