[ixpmanager] How protect IXPManager from exceed login or 404
willy.konga at gabix.ga
willy.konga at gabix.ga
Thu Apr 30 10:53:15 IST 2020
Thanks Nick.
----- Mail original -----
De: "Nick Hilliard (INEX)" <nick at inex.ie>
À: "willy konga" <willy.konga at gabix.ga>
Cc: "INEX IXP Manager Users Mailing List" <ixpmanager at inex.ie>
Envoyé: Mercredi 29 Avril 2020 14:37:28
Objet: Re: [ixpmanager] How protect IXPManager from exceed login or 404
willy.konga at gabix.ga wrote on 29/04/2020 11:33:
> Thanks. The ixpmanger generate his access | error log in the apache log
> directory. But the access log don't provide enough data to create a
> filter. So is it possible to modify the log system of IXPManger to
> generate more informations in the access log ?
Hi Willy
Each time someone logs in, you should see something in the access.log
file which looks like this:
> x.y.z.w - - [29/Apr/2020:14:06:41 +0100] "POST /ixp/login HTTP/1.0" 302 1297 "https://www.inex.ie/ixp/login" "Mozilla/5.0 (<deleted>) Gecko/20100101 <deleted>"
It should be sufficient to configure fail2ban to search for the
following line (assuming you're using https://ixp.gabix.ga/)
"POST /login HTTP/1.0" 302
If you see more than a certain threshold number of these entries in the
access.log file, then it means that someone is attempting to brute-force
a login attempt.
Nick
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20200430/3ba1373f/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Signature DT.PNG
Type: image/png
Size: 39820 bytes
Desc: not available
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20200430/3ba1373f/attachment-0001.png>
More information about the ixpmanager
mailing list