Jump to content

Recommended Posts

  • 3 weeks later...
Posted (edited)

Not yet, but I do not want to deploy until I have sufficient security in place.  I've been using Revive locally as I get familiar with it.  

I do not want to wait until the brute force happens (and it will) and then have to rely on the Revive random delay for log-in attempts.

I see now that Revive has no option to log sign-in attempts so I've been hacking about to write a plugin for that. 

Sadly, the plugin development docs are pretty dismal.  (Current Revive source code still references the now-dead URL https://developer.openx.org/wiki/display/COMM/Plugins+for+2.8)

 

edit:  It occurred to me that, with no failed authorization logging, how would one know if there have been brute-force attacks? Parse the access log for repeated calls to the sign-in page?   Anyways, I added code (maybe 10 lines in total) to my installation to write to the syslog when sign-in fails, and now I can have fail2ban handle this for me.

Edited by Neurogami
more information
  • 6 months later...
  • 5 years later...
Posted

Hi,

 

I had the same need as @Neurogami and just did what @andrewatfornax suggested.

 

Here is a pull request for Revive to support fail2ban:

https://github.com/revive-adserver/revive-adserver/pull/1389

 

Here is my comment on that PR:

 

In constants.php , set $GLOBALS['badLoginLogFilePath'] to the path of the log file fail2ban can use to ban an IP trying to brute force your site. For example /var/log/reviveBadLogin.log .
Run the following commands to make the file writable:
$ touch /var/log/reviveBadLogin.log
$ chown www-data:www-data /var/log/reviveBadLogin.log

Add the following in the /etc/fail2ban/filter.d/revive.conf file:
[Definition]
failregex = ^.*: $
datepattern = {^LN-BEG}Epoch

Add the following in the /etc/fail2ban/filter.d/revive.conf file:
[revive]
enabled = true
port = 80,443
protocol = tcp
filter = revive
maxretry = 3
bantime = 86400
findtime = 43200
logpath = /var/log/reviveBadLogin.log

Restart fail2ban with the following command:
$ systemctl restart fail2ban

I was able to test this with a VPN. I entered 3 times bad credentials and by IP got banned.

It is likely that call to badLogin.php would be desirable from other places susceptible to be used for brute forcing.

 

I hope this can be merged without too much difficulties.

Please let me know if there is anything else I can do for this PR.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...