Feature Request: Write blocked bots to auth. Is bruce-force logging working?

  • Resolved wp_kc

    (@wp_kc)


    6 years, 3 months ago

    A long time ago you added the ability to write blocked bruce-force login attacks to the system auth.log file. The context help shows this as the format of those log entries…

    ninjafirewall[AA]: Possible brute-force attack from BB on CC (DD). Blocking access for EEmn.

    I had written a Fail2Ban filter to catch these log entries and ban them with a firewall. While I used to catch a lot of those log entries, I have not seen any for a while. Is this still the correct log format, and is this message still being generated under any circumstances?

    However, I do see a lot of messages in the NF log containing this…

    /wp-login.php - Blocked access to the login page - [bot detection is enabled]

    What are your thoughts on adding an option to report detected bots to the auth.log file too? Any downside to that?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    If it does not work, that means you likely set up the protection to “Always ON”, not to “Yes, if under attack”.

    • “Always ON”: NinjaFirewall will block all requests, including you. It does not check if there’s an attack or not, it always blocks and asks for a login/password or captcha.
    • “Yes, if under attack”: If it detects an attack, it blocks the access to the login page and write the incident to the firewall log and to the server auth log.

    In the next release I will add a warning to clarify it.

    Regarding adding an option to report detected bots to the auth.log file too, this feature is already available, but in the WP+ Edition only: Syslog logging with NinjaFirewall

    Thread Starter wp_kc

    (@wp_kc)

    Thanks for your response. It sounds like I need to upgrade!

    • This reply was modified 6 years, 3 months ago by wp_kc.
    Thread Starter wp_kc

    (@wp_kc)

    I bought and installed Ninjafirewall WP+ Edition. Syslog events are working great. I wrote a Fail2Ban filter for it too. Also available on Github

    Plugin Author nintechnet

    (@nintechnet)

    Thanks for sharing it!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Feature Request: Write blocked bots to auth. Is bruce-force logging working?’ is closed to new replies.