[ixpmanager] How protect IXPManager from exceed login or 404

Barry O'Donovan barry.odonovan at inex.ie
Wed Apr 29 14:54:54 IST 2020 

Should be easy to add this - can one of you open a feature request on 
Github:

https://github.com/inex/IXP-Manager/issues

That'll feed into our dev plans then and I don't see why this couldn't 
be in the next release.

  - Barry


Rémy Günter wrote on 29/04/2020 14:50:
> Dear Nik
> 
> We are looking for the same information. We would like to catch unsuccessful login attempts.
> Prior to 5.x they showed up in the Laravel.log but since 5.x there is no more log entry.
> We would also like to catch the username that was used to try to access the IXPM.
> 
> Any solution to this issue?
> 
> Thanks and kind regards,
> 
> Rémy
> 
> -----Original Message-----
> From: ixpmanager <ixpmanager-bounces at inex.ie> On Behalf Of Nick Hilliard (INEX)
> Sent: Wednesday, 29 April 2020 3:37 pm
> To: willy.konga at gabix.ga
> Cc: INEX IXP Manager Users Mailing List <ixpmanager at inex.ie>
> Subject: Re: [ixpmanager] How protect IXPManager from exceed login or 404
> 
> willy.konga at gabix.ga wrote on 29/04/2020 11:33:
>> Thanks. The ixpmanger generate his access | error log in the apache
>> log directory. But the access log don't provide enough data to create
>> a filter. So is it possible to modify the log system of IXPManger to
>> generate more informations in the access log ?
> 
> Hi Willy
> 
> Each time someone logs in, you should see something in the access.log file which looks like this:
> 
>> x.y.z.w - - [29/Apr/2020:14:06:41 +0100] "POST /ixp/login HTTP/1.0" 302 1297 "https://www.inex.ie/ixp/login" "Mozilla/5.0 (<deleted>) Gecko/20100101 <deleted>"
> 
> It should be sufficient to configure fail2ban to search for the following line (assuming you're using https://ixp.gabix.ga/)
> 
> "POST /login HTTP/1.0" 302
> 
> If you see more than a certain threshold number of these entries in the access.log file, then it means that someone is attempting to brute-force a login attempt.
> 
> Nick
> 
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager
> 


-- 

Kind regards,
Barry O'Donovan
INEX Operations

https://www.inex.ie/support/
+353 1 531 3339

More information about the ixpmanager mailing list