[synseal]

I have been getting (especially just of late) numerous failed log in attempts on members accounts which seem to be all from crawlers ignoring our robot.txt

This will put an end to that and hopefully stop members thinking there account is being hacked.

Perfect Thanks!

Edit=Tested and working fine

[409industries]

So glad that this mod was released, thank you kh99!

In just the past 4 weeks our forum has been hammered by bots in China trying to brute force our login page on anyone and everyone's accounts. They don't appear to be getting in, but it causes a panic by our members who start emailing the admins thinking their account has been hacked when they get the notice.

Super easy install, i'll monitor how well it works.

One option that would be really nice is to keep the notifications disabled being sent to the forum member's email address but have the login attempts CC'd to an administrator. That way admins can keep an eye on any bot / hack activity trying to login unsuccessfully.

Marked as installed. 5 stars.

[kh99]

I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.

[409industries]

Originally Posted by kh99

I started to add that, then decided it would be better to write records to a db table and send a summary, like once an hour. But of course I got sidetracked. Maybe i'll just go back and add an alternate email address.

The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!

[kh99]

Originally Posted by 409industries

The DB entries might be interesting for generating ban lists, etc.

Depending on how much invalid login attempts are going on, the email route could generate a lot of email traffic. However, if its pretty quiet an occasional email would be just fine.

Still, some mechanism should be in place to keep admins aware if bots are constantly trying to login, so that we can react accordingly (more IP bans, etc)

Thank you again!

Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?

[woodmj]

I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?

[kh99]

Originally Posted by woodmj

I found the IPs the attacks seemed to be coming from were member IPs so I was banning my members when I was blocking them. Is it possible the attacks just fake IPs?

Yeah, we were talking about that on vbulletin.com I think. I guess it's possible but I don't know enough about it to know how it's done. I mean, I know an IP packet could contain a fake source ip, but then whoever sent it isn't going to get a response, so I don't see how that helps someone guess passwords. Could be something else is going on there. Have you been in contact with any of those users so that you know they had nothing to do with it?

Hmm, well, I guess maybe someone spoofing IPs could blindly send the right packets to try a login, then use a different ip to see if the user is online. In that case I think the "HV on login" mod should stop that, if the HV is something that can't be guessed.

[409industries]

Originally Posted by kh99

Well, I just saw your post in the dbtech product thread. Doesn't that take care of notifications?

Yes! It actually does. I forgot to reconfigure the watchers option there. Thanks for the heads up.