Java networking - how to permanently ban IP address?

 
Greenhorn
Posts: 1
I'm making a program where the user logs into the server with a username and password only the server knows. They have 4 tries to get the correct username and password. If they do not enter the correct login information in 4 tries, the server will close connection to the client.

The next part of the program which I need help with is permanently banning the user from connecting for further attempts. When the user is logging in for the first time and gets all 4 attempts wrong, their ip address is written to a file called "userIP.txt".

What I tried to do was read the file and if it matches the user's IP address, they will be banned from the program. It doesn't work - when they come back to the program it lets them log in again.
I know this may not be the best way to ban a user from the server, but my assignment requires me to ban their ip address.

Any ideas how I can fix this?

Here is part of the server code:



Any help is appreciated, thanks!
 
Saloon Keeper
Posts: 5753
I would start out by printing out your 'ip' variable. Is it what you expect? Can you verify it with ping and whois?
 
Rancher
Posts: 3353

when they come back to the program it lets them log in again.  


Can you print the old and new IP addresses to see if they match?
 
Saloon Keeper
Posts: 2471
  • Likes 1
This line is going to be a problem:

Read up on what the PrintWriter constructor does.
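
An added example, not part of any post in this thread and not the original poster's code (which the thread does not show): a file-backed ban list that survives a server restart because it appends to the file instead of reopening it with `new PrintWriter(fileName)`, which truncates an existing file to zero length. The class and method names are hypothetical, the addresses are constructed samples, and a temporary file stands in for `userIP.txt`.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.List;

/** Added example: file-backed IP ban list. Names here are hypothetical. */
public class IpBanList {
    private final Path file;

    public IpBanList(Path file) { this.file = file; }

    /** One canonical text form for writing and comparing. InetAddress.toString()
     *  yields "hostname/literal", which would not match a bare literal on re-read. */
    static String key(InetAddress addr) {
        return addr.getHostAddress();
    }

    /** True if the address is already recorded; synchronized for per-client threads. */
    public synchronized boolean isBanned(InetAddress addr) throws IOException {
        if (!Files.exists(file)) return false;
        List<String> lines = Files.readAllLines(file, StandardCharsets.UTF_8);
        String k = key(addr);
        return lines.stream().map(String::trim).anyMatch(k::equals);
    }

    /** Appends one line per address; CREATE + APPEND never discards earlier bans. */
    public synchronized void ban(InetAddress addr) throws IOException {
        if (isBanned(addr)) return;
        byte[] line = (key(addr) + System.lineSeparator()).getBytes(StandardCharsets.UTF_8);
        Files.write(file, line, StandardOpenOption.CREATE, StandardOpenOption.APPEND);
    }

    public static void main(String[] args) throws IOException {
        Path f = Files.createTempFile("userIP", ".txt");        // stand-in for userIP.txt
        InetAddress a = InetAddress.getByName("203.0.113.7");   // constructed sample
        InetAddress b = InetAddress.getByName("198.51.100.23"); // constructed sample

        new IpBanList(f).ban(a);   // first client fails its 4 attempts
        new IpBanList(f).ban(b);   // new instance, as after a server restart
        IpBanList afterRestart = new IpBanList(f);
        System.out.println("a banned: " + afterRestart.isBanned(a));
        System.out.println("b banned: " + afterRestart.isBanned(b));
        System.out.println("other banned: "
                + afterRestart.isBanned(InetAddress.getByName("192.0.2.1")));
        Files.delete(f);
    }
}
```

In a server, the check would run on `socket.getInetAddress()` immediately after `accept()`, before any login prompt is sent.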
 
Ranch Hand
Posts: 570
Also posted at Code Project
 
Marshal
Posts: 63783
Good point. OP: you should always let people on both websites know you are posting in two places.
 
Bartender
Posts: 20562
Welcome to the JavaRanch, Brianna!

Actually, banning by IP address is sort of a last-resort solution. IP addresses are not reliable indicators of identity. For example, for years, every computer on the mousetech.com LAN looked to the Internet like it had the IP address of 192.168.14.19. Because they were all behind a NAT firewall.

More commonly, one locks out login IDs, and there you have a choice - reject further login attempts for a fixed period or lock the account until it's manually reset. Linux also puts a delay into the login process so that the amount of time it takes to crack using a brute-force (dictionary-style) approach becomes prohibitively long.

I have many apps on my machines, so one of my first lines of defense is a process called "fail2ban". This utility monitors messages going to the system logfiles such as attempts to access forbidden ports or make "cracker" HTTP URL requests. When fail2ban sees a pattern of abuse, it adds the source IP harvested from the log message to a blacklist used by the firewall. So if someone attempts a port-scan, I slam the door on them. And, alas, on any given day there are literally thousands of ill-intentioned requests aimed at each of my public servers.
 