Java networking - how to permanently ban ip address?

Question

I'm making a program where the user logs into the server with a username and password only the server knows. They have 4 tries to get the correct username and password. If they do not enter the correct login information in 4 tries, the server will close connection to the client.

The next part of the program which I need help with is permanently banning the user from connecting for further attempts. When the user is logging in for the first time and gets all 4 attempts wrong, their ip address is written to a file called "userIP.txt".

What I tried to do was read the file and if it matches the user's IP address, they will be banned from the program. It doesn't work - when they come back to the program it lets them log in again.

Any ideas how I can fix this?

Here is part of the server code:

    import java.lang.*;
import java.io.*;
import java.net.*;

class Server {
    public static void main(String args[]) throws FileNotFoundException {
        String welcome = "Welcome! The server is now connected.";
        String login = "Enter username and password: ";
        String message; 
        PrintWriter writer = new PrintWriter("userIP.txt");

    try {
        //Detecting the localhost's ip address
        InetAddress localaddr = InetAddress.getLocalHost();
        System.out.println("SERVER\n");
        System.out.println ("Local hostnameIP: " + localaddr );

        // Creating a server socket for connection
        ServerSocket srvr = new ServerSocket(1234);
        System.out.println("Waiting for connection on "+localaddr);
        // Accept incoming connection
        Socket skt = srvr.accept();
        System.out.print("Server has connected!\n");
        // get Input and Output streams
        PrintWriter out = new PrintWriter(skt.getOutputStream(), true);
        out.flush();
        BufferedReader in = new BufferedReader(new InputStreamReader(skt.getInputStream()));
        BufferedReader log = new BufferedReader(new InputStreamReader(skt.getInputStream())); //read input for login
        System.out.print("Sending string: '" + welcome + "'\n");
        out.println(welcome);
        String ip = localaddr.getHostAddress();

        //read file

        String checkIP = "userIP.txt";
        String line = null;
        try {
            FileReader readFile = new FileReader (checkIP);
            BufferedReader br = new BufferedReader (readFile);
            while ((line = br.readLine())!= null) {
                System.out.println("reading file: " + line);

                if (line==ip) {
                    System.out.println("IP MATCHES");

                    //closing server
                    out.println("You are banned. Server closing.");
                    out.close();
                    skt.close();
                    srvr.close();
                }
            }
            br.close();


        }
        catch (FileNotFoundException ex) {
            System.out.println("Unable to open file '" + checkIP + "'");
        }
        catch(IOException ex) {
            System.out.println("Error reading file '" + checkIP + "'");
        }

        //login attempts
        int tries = 4;
        while (tries>0) {
            out.println(login);

            //login
            String username = in.readLine();
            System.out.println("Client's username: " + username);

            String password = in.readLine();
            System.out.println("Client's password: " + password);

            if (username.equals("hello123") && password.equals("mypass")) {
                out.println("Correct login!");
                System.out.println ("Client's IP Address: " + localaddr.getHostAddress());
                tries=-1;
            }

            else  { //if wrong login - give 3 more tries

                tries--;
                System.out.println("Number of tries left: " + tries);
                out.println("Try again. Login attempts left - " + tries);

            }
        }


            if (tries==0){
            out.println("Wrong login - server closing");
            out.close();
            skt.close();
            srvr.close();

            //ban ip address permanently 
            System.out.println(localaddr.getHostAddress()); 

            writer.println(localaddr.getHostAddress()); //write ip address to file
            writer.close();

        }

Let me know if you need the client code. All help is appreciated!

How is this any better than [fail2ban](http://www.fail2ban.org)? — tadman, Mar 26 '18 at 15:16
Possible duplicate of [How do I compare strings in Java?](https://stackoverflow.com/questions/513832/how-do-i-compare-strings-in-java) — Carcigenicate, Mar 26 '18 at 15:17
Close voters: it's not only the String compare issue. See answer by Mohd. — Modus Tollens, Mar 26 '18 at 16:05

Mohd Alomar · Answer 1 · 2018-03-29T14:10:20.577

3

First you compare String by reference not value change

if (line==ip)

to

if ( line.equals(ip) )

Updated: no need to use replaceAll(); as @EJP mentioned in the comment.

readLine() removes the line terminator. The replaceAll() calls are therefore unnecessary.

Also you use PrintWriter which will open the file in override mode, the file will be empty before checking the ban list. Use FileWriter instead.

PrintWriter writer = new PrintWriter(new FileWriter("userIP.txt", true));

And you got the wrong InetAddress address. You need to get the client address so change it to

Socket skt = srvr.accept();
InetAddress clientInetAddress = skt.getInetAddress();
ip = clientInetAddress.getHostAddress();

But blocking by IP is mistake. In real world example multiple user share the same IP address which is the NAT public IP address. It better to block the login attempt for specific user for certain amount of time. so you block the user for 30 min then increase the duration then block the user permanently and ask for second verification method such as phone or email.

edited Mar 29 '18 at 14:10

answered Mar 26 '18 at 15:31

Mohd Alomar

953
1
13
30

3

"_But blocking by IP is mistake._" That is absolutely correct. – Ron Maupin Mar 26 '18 at 15:41
1

Ah yes! I totally forgot the .equals. Thanks for letting me know that the client's ip is different, I'm just learning networking. But the client does not get banned permanently if they come back to the program - any idea how to fix this? – Brianna Mar 26 '18 at 19:12
The assignment that I have requires me to ban the user by permanently saving their ip address - writing it to a file. I have to use InetAddress – Brianna Mar 26 '18 at 19:15
1

is the client in the same network, and what is the client ip after editing the code ? – Mohd Alomar Mar 26 '18 at 19:39
Yes the client is in the same network. the client ip address is a number, but different from the server – Brianna Mar 26 '18 at 20:39
Change the if statment to if ( line.replaceAll("\n", "").replaceAll("\r", "").equals(ip) ) – Mohd Alomar Mar 26 '18 at 20:48
Still the same outcome. The user doesn't get banned – Brianna Mar 26 '18 at 20:59
1

I read your code carefully. you use PrintWriter to open the file which override the content of the file before checking ban list use FileWriter instead. PrintWriter writer = new PrintWriter(new FileWriter("userIP.txt", true)); – Mohd Alomar Mar 26 '18 at 21:32
2

`readLine()` removes the line terminator. The `replaceAll()` calls are therefore unnecessary. – user207421 Mar 29 '18 at 02:12

Java networking - how to permanently ban ip address?

1 Answers1