1
Posted 23 August 2020 - 03:31 PM #1
Hi
I know failed logins get logged on the database, but is there a way to log failed logins to the admin section on a login.log? The reason for this is because I want to setup a rule for fail2ban. I'm just looking for some things like:
failed to login user test@test.com from 192.168.1.1
any help would be appreciated.
Posted 23 August 2020 - 07:46 PM #2
Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2
Posted 24 August 2020 - 07:02 PM #3
Admin home page as "Recent Activity" block in lower right that is a list of the most recent logs. You could always write an addon that would get just the failed login entiries. But suggest you work with something like the advanced log search for:
Period = this week
Type = users
Action = Failed logins
Which would come out something like the following.
https://your_host.com/your_admin_url.php?object=&is_search=Y&period=W&time_from=08%2F24%2F2020&time_to=08%2F24%2F2020&q_user=&q_type=users&q_action=failed_login&hint_new_view=Name&dispatch%5Blogs.manage%5D=Search
You can get rid of the time period and probaby add an '&items_per_page=10' to just get the most recent 10 entries of that type.
All UNTESTED
EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
Posted 27 August 2020 - 07:34 AM #4
Thanks guys, but the problem is that as far as I'm aware fail2ban can only query .log files, I don't think you can setup fail2ban filters using database.
Posted 27 August 2020 - 03:55 PM #5
I got us far as this, but I can't get failed to work. Can anyone help me with it?
Sign In
<?php
use Tygh\Registry;
if (!defined('BOOTSTRAP')) { die('Access denied'); }
if (AREA == 'A' && $mode == 'login_form') {
if ($mode == 'login') {
$login = "SUCCESS";
} elseif ($action == 'failed_login') {
$login = "FAILED";
}
if (!empty(Tygh::$app['session']['auth']['user_id'])) {
$user_id = Tygh::$app['session']['auth']['user_id'];
} else {
$user_id = 0;
}
$ip = fn_get_ip();
function fn_my_changes_failed_logins($log_msg) {
$log_filename = "./var/log";
if (!file_exists($log_filename))
{
mkdir($log_filename, 0777, true);
}
$log_file_data = $log_filename.'/failed_login.log';
file_put_contents($log_file_data, $log_msg . "\n", FILE_APPEND);
}
fn_my_changes_failed_logins('[' . date('d-M-Y H:i:s') . ']' . ' ' . $login . ' ' . 'login for user' . ' ' . $user_id . ' ' . 'from' . ' ' . $ip['host']);
}
Posted 27 August 2020 - 09:15 PM #6
I would use the "fill_auth" PHP hook. You can review the code for the appropriate conditions/logic (fill_auth() in fn.users.php). Note that if $user_data is empty, then it's a logout. Also check that $act_as_user is false.
You should use 'fn_mkdir()' which will set the mode as configured for the site rather than forcing it to 777. It will also handle whether the directory already exists as a directory. And note that the file could have been removed but the directory still exists..
EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
