* Disconnect clients that attempt to login with banned usernames for Telnet as well

* Slow disconnects to thwart brute force attacks - these names won't exist anyway, but we want the attacking client to not DoS us
2018-12-25 00:18:04 -07:00
parent 06a1925288
commit ee93035bb8
4 changed files with 38 additions and 21 deletions
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -25,6 +25,7 @@ This document attempts to track **major** changes and additions in ENiGMA½. For
 * NNTP support! See [NNTP docs](/docs/servers/nntp.md) for more information.
 * `oputil.js user rm` and `oputil.js user info` are in! See [oputil CLI](/docs/admin/oputil.md).
 * Performing a file scan/import using `oputil.js fb scan` now recognizes various `FILES.BBS` formats.
+* Usernames found in the `config.users.badUserNames` are now not only disallowed from applying, but disconnected at any login attempt.


 ## 0.0.8-alpha