Jump to content

  • You cannot start a new topic
  • You cannot reply to this topic

Log Failed Logins Rate Topic   - - - - -

 

Posted 23 August 2020 - 03:31 PM #1

Hi

I know failed logins get logged on the database, but is there a way to log failed logins to the admin section on a login.log? The reason for this is because I want to setup a rule for fail2ban. I'm just looking for some things like:

 

failed to login user test@test.com from 192.168.1.1

 

any help would be appreciated.



 
  • johnbol1
  • Never Re
  • Members
  • Join Date: 23-Feb 10
  • 4908 posts

Posted 23 August 2020 - 07:46 PM #2

https://prnt.sc/u4ku55

 

admin>logs

no good ??


Custom printed hi visibility clothing sale the UK's online hivis safety shop
v4.5.2


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12038 posts

Posted 24 August 2020 - 07:02 PM #3

Admin home page as "Recent Activity" block in lower right that is a list of the most recent logs.  You could always write an addon that would get just the failed login entiries.  But suggest you work with something like the advanced log search for:

Period = this week

Type = users

Action = Failed logins

 

Which would come out something like the following.

https://your_host.com/your_admin_url.php?object=&is_search=Y&period=W&time_from=08%2F24%2F2020&time_to=08%2F24%2F2020&q_user=&q_type=users&q_action=failed_login&hint_new_view=Name&dispatch%5Blogs.manage%5D=Search

 

You can get rid of the time period and probaby add an '&items_per_page=10' to just get the most recent 10 entries of that type.

 

All UNTESTED


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.


 

Posted 27 August 2020 - 07:34 AM #4

Thanks guys, but the problem is that as far as I'm aware fail2ban can only query .log files, I don't think you can setup fail2ban filters using database.



 

Posted 27 August 2020 - 03:55 PM #5

I got us far as this, but I can't get failed to work. Can anyone help me with it?

<?php
	
use Tygh\Registry;
  
if (!defined('BOOTSTRAP')) { die('Access denied'); }

if (AREA == 'A' && $mode == 'login_form') {
	if ($mode == 'login') {
		$login = "SUCCESS";
	} elseif ($action == 'failed_login') {
		$login = "FAILED";
	}
	
	if (!empty(Tygh::$app['session']['auth']['user_id'])) {
	    $user_id = Tygh::$app['session']['auth']['user_id'];
	} else {
	    $user_id = 0;
	}
	
	$ip = fn_get_ip();
	
	function fn_my_changes_failed_logins($log_msg) {
	    $log_filename = "./var/log";
	    if (!file_exists($log_filename)) 
	    {
	        mkdir($log_filename, 0777, true);
	    }
	    $log_file_data = $log_filename.'/failed_login.log';
	    file_put_contents($log_file_data, $log_msg . "\n", FILE_APPEND);
	}
	
	fn_my_changes_failed_logins('[' . date('d-M-Y H:i:s') . ']' . ' ' . $login . ' ' . 'login for user' . ' ' . $user_id . ' ' . 'from' . ' ' . $ip['host']);
}


 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 12038 posts

Posted 27 August 2020 - 09:15 PM #6

I would use the "fill_auth" PHP hook.  You can review the code for the appropriate conditions/logic (fill_auth() in fn.users.php).  Note that if $user_data is empty, then it's a logout.  Also check that $act_as_user is false.

 

You should use 'fn_mkdir()' which will set the mode as configured for the site rather than forcing it to 777.  It will also handle whether the directory already exists as a directory.  And note that the file could have been removed but the directory still exists..


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.