[ixpmanager] How protect IXPManager from exceed login or 404

Rémy Günter remy.guenter at swissix.ch
Wed Apr 29 14:50:51 IST 2020


Dear Nik

We are looking for the same information. We would like to catch unsuccessful login attempts.
Prior to 5.x they showed up in the Laravel.log but since 5.x there is no more log entry. 
We would also like to catch the username that was used to try to access the IXPM.

Any solution to this issue? 

Thanks and kind regards,

Rémy

-----Original Message-----
From: ixpmanager <ixpmanager-bounces at inex.ie> On Behalf Of Nick Hilliard (INEX)
Sent: Wednesday, 29 April 2020 3:37 pm
To: willy.konga at gabix.ga
Cc: INEX IXP Manager Users Mailing List <ixpmanager at inex.ie>
Subject: Re: [ixpmanager] How protect IXPManager from exceed login or 404

willy.konga at gabix.ga wrote on 29/04/2020 11:33:
> Thanks. The ixpmanger generate his access | error log in the apache 
> log directory. But the access log don't provide enough data to create 
> a filter. So is it possible to modify the log system of IXPManger to 
> generate more informations in the access log ?

Hi Willy

Each time someone logs in, you should see something in the access.log file which looks like this:

> x.y.z.w - - [29/Apr/2020:14:06:41 +0100] "POST /ixp/login HTTP/1.0" 302 1297 "https://www.inex.ie/ixp/login" "Mozilla/5.0 (<deleted>) Gecko/20100101 <deleted>"

It should be sufficient to configure fail2ban to search for the following line (assuming you're using https://ixp.gabix.ga/)

"POST /login HTTP/1.0" 302

If you see more than a certain threshold number of these entries in the access.log file, then it means that someone is attempting to brute-force a login attempt.

Nick

_______________________________________________
INEX IXP Manager mailing list
ixpmanager at inex.ie
Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager


More information about the ixpmanager mailing list