Say I have a Node.JS server app and I want to block users that failed to log in 3 consecutive times. What is the correct way to do that?
Should I handle the blocking part in the server app, basically after the user has connected but has not yet logged in, or is there some lower-level stage where I am supposed to do it, so it doesn't even reach my Node.JS app?
You should think about what should happen if:
And some users have static IP addresses (they cannot change them).
Solution
Because of this, I would block the account and the IP address(es), and then I would send an email to the account owner with a link which will unblock the account, without requiring a password change. The account owner should also answer about unblocking the IP address(es), because he knows his IP address(es).
The preferable solution would be to block an IP address at a lower level – before it gets to Node.JS because all networking happens in the operating system kernel and the kernel can block it more efficiently and sooner in the connection than Node.JS could do it.
But first, to answer your question...
```javascript
var blackList =
[
  '77.88.99.1',
  '88.77.99.1'
];
var http = require('http');
var server = http.createServer(function(req, res)
{
  // req.ip only exists under Express; on plain http the address comes from the socket.
  // Note: on a dual-stack (IPv6) listener IPv4 peers show up as '::ffff:a.b.c.d'.
  var ip = req.ip
    || req.socket.remoteAddress
    || (req.connection && req.connection.remoteAddress);
  if (blackList.indexOf(ip) > -1)
  {
    res.end(); // exit if it is a black listed ip
    return;    // do not fall through to the normal handling below
  }
  res.end('ok'); // normal handling for everyone else (otherwise the request would hang)
}).listen(80, '127.0.0.1');
```
Node.js http.Server also has a connection event, so you could also do it this way:
```javascript
server.on('connection', function(socket)
{
  // console.log(socket.remoteAddress);
  // Put your logic here, e.g. drop the TCP connection before any HTTP parsing happens:
  if (blackList.indexOf(socket.remoteAddress) > -1)
  {
    socket.destroy();
  }
});
```
Sometimes it is necessary to block incoming connections or traffic from a specific remote host. iptables is an administration tool for IPv4 packet filtering and NAT under the Linux kernel. The following tip will help you block an attacker's or spammer's IP address.
How do I block a specific incoming IP address?
The following iptables rules will drop incoming connections from host/IP 202.54.20.22:
```
iptables -A INPUT -s 202.54.20.22 -j DROP
iptables -A OUTPUT -d 202.54.20.22 -j DROP
```
A simple shell script to block lots of IP addresses
If you have lots of IP addresses, use the following shell script:
A) Create a text file:
```
# vi /root/ip.blocked
```
Now append the IP addresses:
```
# Ip address block file
202.54.20.22
202.54.20.1/24
#65.66.36.87
```
B) Create a script as follows, or add the following script lines to an existing iptables shell script:
```
BLOCKDB="/root/ip.blocked"
IPS=$(grep -Ev "^#" $BLOCKDB)
for i in $IPS
do
    iptables -A INPUT -s $i -j DROP
    iptables -A OUTPUT -d $i -j DROP
done
```
C) Save and close the file.
© Source: Linux Iptables block incoming access to selected or specific IP address
Why do you want to block a user?
As a security researcher, I will give you a general answer that is not specific to Node.js.
IP blocking is almost ineffective because an IP address can be easily changed.
If you block the user, the attacker can easily disrupt part of the usability of your site by brute-forcing other users or specific users to disable their accounts.
I personally use a challenge system to cover both conditions.
Finally, before handling the login request, first check the user's IP against your blacklist (10 times should be enough). If the IP is allowed, then check the requested user's failed logins (5 times should be good), and if one of these checks fails, just send a challenge back and stop the login action.
You can use a secure captcha or anything else. If the client solves it correctly, perform the login action for it, and make sure you reset the incorrect login count for users. But for IPs, don't reset it instantly; reset it daily, weekly, or monthly.
So, any IP after 10 incorrect logins should face a challenge, and at the user level, after 5 incorrect logins from any IP address, the user must pass the challenge.
This way, you won't cause any issues for normal users while also preventing the attacker from brute-forcing.
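The two-level check this answer describes (10 failures per IP, 5 per account, a challenge when either threshold is reached, account counter reset on success, IP counter left to expire), as an added Node.js example that is not part of the original answer. The in-memory Maps and the daily expiry window are assumptions made for the example.

```javascript
// Added example (not from the original answer): the two-level check the answer
// describes, with a per-IP threshold of 10 and a per-account threshold of 5.
// Counters are in-memory Maps here; a real deployment would keep them in a
// shared store so every server instance sees the same counts (assumption).
const IP_LIMIT = 10;   // failed logins per IP before a challenge is required
const USER_LIMIT = 5;  // failed logins per account before a challenge is required
const IP_RESET_MS = 24 * 60 * 60 * 1000; // per-IP counter expires daily (one of the answer's options)

const ipFailures = new Map();   // ip -> { count, since }
const userFailures = new Map(); // username -> count

// Current failure count for an IP, treating an expired window as zero.
function ipCount(ip, now) {
  const entry = ipFailures.get(ip);
  if (!entry || now - entry.since >= IP_RESET_MS) return 0;
  return entry.count;
}

// Run before the password is checked. Returns 'challenge' when either the
// source IP or the requested account has too many recent failures, else 'allow'.
function preLoginCheck(ip, username, now = Date.now()) {
  if (ipCount(ip, now) >= IP_LIMIT) return 'challenge';
  if ((userFailures.get(username) || 0) >= USER_LIMIT) return 'challenge';
  return 'allow';
}

// Record the result of a password check. A success resets only the account
// counter; the IP counter is never reset here and simply expires, as advised.
function recordLoginResult(ip, username, success, now = Date.now()) {
  if (success) {
    userFailures.delete(username);
    return;
  }
  userFailures.set(username, (userFailures.get(username) || 0) + 1);
  const entry = ipFailures.get(ip);
  if (!entry || now - entry.since >= IP_RESET_MS) {
    ipFailures.set(ip, { count: 1, since: now });
  } else {
    entry.count += 1;
  }
}
```

Call preLoginCheck before verifying the password and recordLoginResult after; when a challenge is returned, the login handler stops and sends the captcha instead.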