1

Failed logins for IP per minute not working


Hi,

We are checking this option (Failed logins for IP per minute) on Wialon Local (last version) and it is not working.
We set this parameter to 3 and restarted Wialon. After this, we tried to connect to Wialon Local with an incorrect password 10 times in less than one minute and nothing happened (we can try as many times as we want).

Looking at the logs (/home/wialon/wlocal/logs and /var/www/nginx/*), we can't see anything about the user (connections or failed tries).

Any help getting this option to work?

2


(edited by STAN 14/11/2017 15:29:20)

Re: Failed logins for IP per minute not working

supervhs,
Hello, this option is about logins on Wialon (Wialon Web, CMS Manager sites, remote API).
/home/wialon/wlocal/logs/trace.log - here is the log file that you need.
2017/11/14 15:09:16:193: avl_ulimit_service DENIED(56da44c3): invalid_logins: 2(1) - blocked for 53 s
You can see such records when you try to log in with a correct login/password within 1 minute after incorrect logins.

“It’s Not A Bug, It’s A Feature!”
Anton Stepanovitch, Gurtam QA
3


Re: Failed logins for IP per minute not working

Hi Stan

That is the problem... they are not working.

Just now, I was on the CMS and tried to log in with a wrong password 30 times in less than one minute and nothing happened in the system or the logs.

=========================
# grep -i denied /home/wialon/wlocal/logs/trace.log
#

# grep xxx.xxx.xxx.xxx  /var/log/nginx/wdc.access.log | wc
    139    3197   45667
=========================

Note: xxx is my IP and, as you can see, we tried to connect to the CMS many times.

Any ideas?

4


(edited by STAN 14/11/2017 18:06:45)

Re: Failed logins for IP per minute not working

supervhs, you can see such records when you try to log in with a correct login/password within 1 minute after incorrect logins.

“It’s Not A Bug, It’s A Feature!”
Anton Stepanovitch, Gurtam QA
5


(edited by supervhs 14/11/2017 20:12:27)

Re: Failed logins for IP per minute not working

Hi

Yes, I can see this in the logs:

=======================
2017/11/14 16:57:33:690: Wialon login (authHash) user: 'victorhugo'; host: '186.156.XXX.XXXX'; service: 'cms.company.com'; app: 'cms.company.com'
=======================

But that is all... above all the logs and comments:



# tail /home/wialon/wlocal/logs/trace.log -f -n 5000  | egrep -v lic.gurtam | egrep  '(victorhugo|denied)'
==========================
# Create a new user at CMS - 16:56

2017/11/14 16:56:39:930: storage_user::set_flags('victorhugo', '70747b1e69350eac9b6384eedcbd04f4' => 0x4 (0x4))
2017/11/14 16:56:40:137: adf_avl_create_resource('victorhugo')
2017/11/14 16:56:40:346: billing_account_plugin::enable_billing('victorhugo', '66c899f70c55e073ac5a68880563736e')
2017/11/14 16:56:40:346: billing_account_plugin::set_billing_plan('victorhugo', '66c899f70c55e073ac5a68880563736e' => 'Wialon')
2017/11/14 16:56:40:347: billing_account_plugin::set_parent_account_item('victorhugo', '66c899f70c55e073ac5a68880563736e' => 'wialon')


# Tried to connect with a wrong password and nothing in the logs. So I connected with a correct password and Wialon logged it

2017/11/14 16:57:33:690: Wialon login (authHash) user: 'victorhugo'; host: '186.156.XX.XXX'; service: 'cms.company.com'; app: 'cms.compay.com'

# I logged out and nothing in the logs...
# After this, I tried many times with a wrong password and nothing
# After 4 minutes, I changed to another IP (using a proxy) and tried with a wrong password and nothing.


2017/11/14 17:01:49:318: Wialon login (authHash) user: 'victorhugo'; host: '186.103.XXX.XXX'; service: 'cms.company.com'; app: 'cms.company.com'

# I logged in, logged out and tried with a wrong password and nothing
# After 6 minutes, I changed to another IP again (using another proxy) and tried to connect with a wrong password. Wialon detected that I changed IP with this message "Your IP has changed or session has expired. Try again" but it isn't logging and blocking the failed logins.
======================================

Any other suggestions?
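
Added example, not part of the thread and not Gurtam's code: a small Python scanner for the two trace.log record formats quoted above. It matches the `DENIED` record case-insensitively (the record is written in uppercase, so a case-sensitive search for `denied` does not match it) and computes when each block expires. The sample lines, user, host and tag value are constructed; the meaning of the `DENIED(...)` tag and of the `2(1)` counter is not documented in the thread, so they are treated as opaque fields.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the trace.log formats quoted in this thread
# (user, host and tag are illustrative; 192.0.2.10 is a documentation address).
SAMPLE = """\
2017/11/14 15:08:40:102: Wialon login (authHash) user: 'demo'; host: '192.0.2.10'; service: 'cms.example.com'; app: 'cms.example.com'
2017/11/14 15:09:16:193: avl_ulimit_service DENIED(0a1b2c3d): invalid_logins: 2(1) - blocked for 53 s
2017/11/14 15:09:20:001: storage_user::set_flags('demo', '00000000000000000000000000000000' => 0x4 (0x4))
2017/11/14 15:09:30:500: avl_ulimit_service DENIED(0a1b2c3d): invalid_logins: 3(1) - blocked for 39 s
"""

TS = r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}): "
# re.I: match regardless of case, as `grep -i denied` does earlier in the thread.
DENIED = re.compile(TS + r"avl_ulimit_service DENIED\((?P<tag>\w+)\): "
                    r"(?P<limit>\w+): (?P<count>\S+) - blocked for (?P<secs>\d+) s", re.I)
LOGIN = re.compile(TS + r"Wialon login \((?P<method>\w+)\) user: '(?P<user>[^']*)'; "
                   r"host: '(?P<host>[^']*)'")

def parse_ts(text):
    # The trailing field is milliseconds; %f accepts 1-6 digits.
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S:%f")

def scan(lines):
    """Return (blocks, logins) found in an iterable of trace.log lines."""
    blocks, logins = [], []
    for line in lines:
        m = DENIED.match(line)
        if m:
            start = parse_ts(m["ts"])
            blocks.append({"at": start, "limit": m["limit"], "tag": m["tag"],
                           "count": m["count"],  # opaque, kept as text
                           "until": start + timedelta(seconds=int(m["secs"]))})
            continue
        m = LOGIN.match(line)
        if m:
            logins.append({"at": parse_ts(m["ts"]), "user": m["user"],
                           "host": m["host"]})
    return blocks, logins

if __name__ == "__main__":
    blocks, logins = scan(SAMPLE.splitlines())
    for b in blocks:
        print(f"{b['at']} {b['limit']} tag={b['tag']} blocked until {b['until']}")
    print(f"{len(logins)} login record(s), {len(blocks)} DENIED record(s)")
```

To run it against a real file, pass the open file object to `scan()` in place of `SAMPLE.splitlines()`; zero DENIED records alongside repeated failed attempts in the web server access log is the condition described in this thread.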