Neurogami Posted July 5, 2016 Report Share Posted July 5, 2016 Has anyone set up Revive to work with fail2ban? Does Revive log failed sign-in attempts someplace? Quote Link to comment Share on other sites More sharing options...
Ian Posted July 20, 2016 Report Share Posted July 20, 2016 It does not, do you encounter brute-force attacks ? Quote Link to comment Share on other sites More sharing options...
Neurogami Posted July 20, 2016 Author Report Share Posted July 20, 2016 (edited) Not yet, but I do not want to deploy until I have sufficient security in place. I've been using Revive locally as I get familiar with it. I do not want to wait until the brute force happens (and it will) and then have to rely on the Revive random delay for log-in attempts. I see now that Revive has no option to log sign-in attempts so I've been hacking about to write a plugin for that. Sadly, the plugin development docs are pretty dismal. (Current Revive source code still references the now-dead URL https://developer.openx.org/wiki/display/COMM/Plugins+for+2.8) edit: It occurred to me that, with no failed authorization logging, how would one know if there have been brute-force attacks? Parse the access log for repeated calls to the sign-in page? Anyways, I added code (maybe 10 lines in total) to my installation to write to the syslog when sign-in fails, and now I can have fail2ban handle this for me. Edited July 30, 2016 by Neurogami more information andrewatfornax 1 Quote Link to comment Share on other sites More sharing options...
andrewatfornax Posted January 28, 2017 Report Share Posted January 28, 2017 Nice @Neurogami, Would you like to create a PR in our GitHub project for the change? That sounds like it would be helpful for others to have. Quote Link to comment Share on other sites More sharing options...
lcuis Posted August 3, 2022 Report Share Posted August 3, 2022 Hi, I had the same need as @Neurogami and just did what @andrewatfornax suggested. Here is a pull request for Revive to support fail2ban: https://github.com/revive-adserver/revive-adserver/pull/1389 Here is my comment on that PR: In constants.php , set $GLOBALS['badLoginLogFilePath'] to the path of the log file fail2ban can use to ban an IP trying to brute force your site. For example /var/log/reviveBadLogin.log . Run the following commands to make the file writable: $ touch /var/log/reviveBadLogin.log $ chown www-data:www-data /var/log/reviveBadLogin.log Add the following in the /etc/fail2ban/filter.d/revive.conf file: [Definition] failregex = ^.*: $ datepattern = {^LN-BEG}Epoch Add the following in the /etc/fail2ban/filter.d/revive.conf file: [revive] enabled = true port = 80,443 protocol = tcp filter = revive maxretry = 3 bantime = 86400 findtime = 43200 logpath = /var/log/reviveBadLogin.log Restart fail2ban with the following command: $ systemctl restart fail2ban I was able to test this with a VPN. I entered 3 times bad credentials and by IP got banned. It is likely that call to badLogin.php would be desirable from other places susceptible to be used for brute forcing. I hope this can be merged without too much difficulties. Please let me know if there is anything else I can do for this PR. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.