From 960fd6ee89bcb3035ccc884e6f6f20e0b2986f71 Mon Sep 17 00:00:00 2001 From: Diavolo Date: Sun, 21 Jan 2024 11:30:40 +0100 Subject: [PATCH] feat: log failed g_password login/connect attempts --- src/Components/Modules/Auth.cpp | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/Components/Modules/Auth.cpp b/src/Components/Modules/Auth.cpp index d46e58fb..2cae7191 100644 --- a/src/Components/Modules/Auth.cpp +++ b/src/Components/Modules/Auth.cpp @@ -214,6 +214,7 @@ namespace Components if (Bans::IsBanned({guid, address.getIP()})) { + Logger::PrintFail2Ban("Failed connect attempt from IP address: {}\n", Network::AdrToString(address)); Network::Send(address, "error\nEXE_ERR_BANNED_PERM"); return; } @@ -315,6 +316,12 @@ namespace Components } } + void ClientConnectFailedStub(Game::netsrc_t sock, Game::netadr_t adr, const char* data) + { + Logger::PrintFail2Ban("Failed connect attempt from IP address: {}\n", Network::AdrToString(adr)); + Game::NET_OutOfBandPrint(sock, adr, data); + } + unsigned __int64 Auth::GetKeyHash(const std::string& key) { std::string hash = Utils::Cryptography::SHA1::Compute(key); @@ -502,6 +509,9 @@ namespace Components Utils::Hook(0x41D3E3, SendConnectDataStub, HOOK_CALL).install()->quick(); + // Hook for Fail2Ban (Hook near client connect to detect password brute forcing) + Utils::Hook(0x4611CA, ClientConnectFailedStub, HOOK_CALL).install()->quick(); // NET_OutOfBandPrint (Grab IP super easy) + // SteamIDs can only contain 31 bits of actual 'id' data. // The other 33 bits are steam internal data like universe and so on. // Using only 31 bits for fingerprints is pretty insecure.