Page 1 of 1

DA + LFD integration

Posted: 08 May 2014, 11:48
by smtalk
Hello,

May you use directadmin[.]com/features.php?id=1590 to detect login failures to DA and block particular IPs? DA already has build-in whitelists/blacklists for DA login screen, but the firewall approach would sound great.

Thank you!

Re: DA + LFD integration

Posted: 07 Jul 2014, 11:26
by ForumAdmin
This will be added to the next release of csf.

Re: DA + LFD integration

Posted: 12 Jul 2014, 11:11
by smtalk
Great! There are some new features detecting SquirrelMail, RoundCube and phpMyAdmin login failures on DirectAdmin servers, may you add them also?

phpMyAdmin: directadmin[.]com/features.php?id=1614
SquirrelMail & Roundcube: directadmin[.]com/features.php?id=1609

SquirrelMail log is enabled by default in CustomBuild 2.0 now also, so all of the web applications have authentication logs with CustomBuild 2.0 with no manual actions (just the "./build update; ./build phpmyadmin; ./build roundcube; ./build squirrelmail" is needed or update of these components).

From CSF side of view you'd need to check if the following file exists, and if they do, use them:
/var/www/html/roundcube/logs/errors
/var/www/html/squirrelmail/data/squirrelmail_access_log
/var/www/html/phpMyAdmin/log/auth.log

Thank you!

Re: DA + LFD integration

Posted: 20 Jul 2014, 16:53
by mtk
I vote +1 to add support in CSF to those new DA features!

Re: DA + LFD integration

Posted: 26 Jul 2014, 14:07
by smtalk
I also received a report that pure-ftpd failed logins are not taken care of: forum.directadmin[.]com/showthread.php?t=49483

Pure-FTPd logs by default to /var/log/messages. Authentication failed messages look like:

Code: Select all

Jul 25 23:54:48 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:54:54 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:54:59 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:04 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:13 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:23 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:35 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:54 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 26 00:40:27 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]
Jul 26 01:34:50 box14 pure-ftpd: (?@8.8.4.4) [WARNING] Authentication failed for user [username2@domain[.]com]
Jul 26 04:31:50 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]
Jul 26 05:30:30 box14 pure-ftpd: (?@8.8.4.4) [WARNING] Authentication failed for user [username2@domain[.]com]
Jul 26 08:54:21 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]
As I am not authorized to paste URL links, I changed all occurrences of domain . com to domain[.]com.

Re: DA + LFD integration

Posted: 07 Aug 2014, 10:34
by smtalk
Are SquirrelMail/RoundCube/phpMyAdmin going to be added to LFD?

Re: DA + LFD integration

Posted: 26 Aug 2014, 14:06
by DigitalConcepts
I would like to second that motion, lfd does a great job and no server should be without this firewall :)
adding those logs to scan would be a nice addition ,
currently using BFM but it dont always take care of the problem, only notify :(

Re: DA + LFD integration

Posted: 07 Sep 2014, 22:23
by nsc
I do not see any more feedback from forum administrators.
Will those features be integrated into LFD?

I'm also voting +1 for this.

Re: DA + LFD integration

Posted: 30 Sep 2014, 15:41
by ForumAdmin
This has now been added to the new v7.50 release:
http://blog.configserver.com