功能性改进-添加防爆破功能增强安全性

[Lvmoo]

使用的anylink版本 ?

5ef8a1165c14:/app# ./anylink -v
AnyLink v0.12.1 build on go1.20.14 [linux, amd64] date:2024-04-25T11:51:21+08:00 commit_id(9d926edabbda635ec8f6d2808aa1c57149d74ecc)

使用操作系统的类型和版本?

root@xxx:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble
root@xxx:~# 

使用linux 内核版本?

root@xxx:~# uname -a
Linux xxx 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

遭遇到了爆破登录尝试，虽然anylink安全很高，但总归是会对服务器造以及数据库成压力。
建议添加类型ocserv的防爆破功能，单位时间内登录失败次数达到特定次数，限制用户接下来一段时间不可登录。

# Banning clients in ocserv works with a point system. IP addresses
# that get a score over that configured number are banned for
# min-reauth-time seconds. By default a wrong password attempt is 10 points,
# a KKDCP POST is 1 point, and a connection is 1 point. Note that
# due to different processes being involved the count of points
# will not be real-time precise. Local subnet IPs are exempt to allow
# services that check for process health.
#
# Set to zero to disable.
max-ban-score = 80

# The time (in seconds) that all score kept for a client is reset.
ban-reset-time = 1200

# In case you'd like to change the default points.
#ban-points-wrong-password = 10
#ban-points-connection = 1
#ban-points-kkdcp = 1

爆破的相关日志如下：

[maoxiaomo]

我也遇到过此类安全事件。