Backend page visits/login attempts


Entice

So I've been monitoring one of my sites' login sessions and noticed visits to the backend login page. While I believe having the session throttle module installed does its magic, I was still concerned about any login attempts.

So I decided to add a honey pot to the admin login process, since no one should be trying to log in except me under a specific username. Before the session login even occurs in the module, if the username doesn't match, it

  1. Logs the attempt
  2. Saves the IP to a list on an admin page
  3. Redirects the user to the 404 page
  4. The site immediately checks if the IP address exists in the banned list.
  5. Throws an error on all pages thereafter for that IP address.

This may be going a bit overboard, but after seeing constant visits to the backend login page that I believe only I should be visiting, it piqued my interest as to what ways I could further protect the back end. As long as I'm careful not to ban myself, it should take care of those attempts.

I know I may have a chance of banning an IP shared by many, such as a cafe or cell phone network, let alone having IPs cycle around, but we'll see how it goes.

Anyone else have any thoughts on methods of protecting the backend of processwire? (Aside from https://processwire.com/docs/security/admin/)


9 hours ago, Entice said:

So I decided to add a honey pot to the admin login process, since no one should be trying to log in except me under a specific username. Before the session login even occurs in the module

I am highly interested to see how, in terms of code, you manage this. Did you hardcode the login name in a hook or something like that?

As you say that you are monitoring a login for a specific username, you could prevent a login by hiding the admin deeper, by naming the page with something complex that only you know, e.g. a URL based on a hash.


7 hours ago, flydev said:

I am highly interested to see how, in terms of code, you manage this. Did you hardcode the login name in a hook or something like that?

As you say that you are monitoring a login for a specific username, you could prevent a login by hiding the admin deeper, by naming the page with something complex that only you know, e.g. a URL based on a hash.

It's nothing fancy, but I currently don't have it tied to a hook yet. It's a scrap job, as I was just exploring ideas to monitor login attempts to the backend.

I've placed it where the login occurs for the backend, in \wire\modules\Process\ProcessLogin\ProcessLogin.module:

if($name != "admin") { // Or whatever username
	// Log Attempt (note: this writes the submitted password to the log in plain text)
	$this->wire('log')->save('attempts', long2ip($this->wire('session')->getIP(true)).':'.$name.':'.$pass);
	// Get Honeypot Page that contains textarea of banned ips
	$honeypot = $this->pages->get("/processwire/honeypot/");
	// Get IP Address (getIP(true) returns an integer, long2ip() turns it back into dotted form)
	$ip = long2ip($this->wire('session')->getIP(true));
	// Concatenate to textarea and Save Page
	$honeypot->of(false);
	$honeypot->banned = ($honeypot->banned != "") ? ($honeypot->banned.','.$ip) : ($ip);
	$honeypot->save();
	$honeypot->of(true);
	// Redirect to 404
	$this->wire('session')->redirect('/404/');
}
// The rest of the login occurs below:
if($this->wire('session')->login($name, $pass)) {
	//....
}

I'm sure you can hook it before the session login, but I didn't bother looking into it, so I'm going to just leave it in the process module for now and see what gets captured. It might just be Google previewing the URL before I visit it or something.

We'll see.

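The five steps from the opening post, done the way flydev asks about (a hook in /site/ready.php rather than an edit to ProcessLogin.module, so it survives core upgrades), as an added example that is neither Entice's code nor part of ProcessWire. It assumes the honeypot page at /processwire/honeypot/ with a textarea field named "banned" from Entice's post, an admin account name and an allowlist of your own IPs that you fill in, and that ready.php runs inside ProcessPageView's request handling so a thrown Wire404Exception renders the site's normal 404 page. Session::login, Session::getIP(), Log::save(), Page::save() and $event->replace are ProcessWire API; honeypotBannedIps() and honeypotBan() are hypothetical helper names.

```php
<?php namespace ProcessWire;
// /site/ready.php  (added example, not Entice's code, not part of ProcessWire core)

$allowedAdminName = 'admin';              // assumption: the only account that should log in
$allowlistedIps   = array('127.0.0.1');   // assumption: your own IPs, never banned
$honeypotPath     = '/processwire/honeypot/'; // page with textarea field "banned" (from the post)

/** Parse the comma-separated "banned" textarea into a de-duplicated array of valid IPs. */
function honeypotBannedIps(Page $honeypot) {
	$ips = array();
	foreach(explode(',', (string) $honeypot->banned) as $ip) {
		$ip = trim($ip);
		if($ip !== '' && filter_var($ip, FILTER_VALIDATE_IP)) $ips[] = $ip;
	}
	return array_values(array_unique($ips));
}

/** Add $ip to the banned list; returns true only if the page was actually changed. */
function honeypotBan(Page $honeypot, $ip, array $allowlist) {
	if(in_array($ip, $allowlist, true)) return false;      // never lock yourself out
	$ips = honeypotBannedIps($honeypot);
	if(in_array($ip, $ips, true)) return false;            // already banned, no extra save
	$ips[] = $ip;
	$honeypot->of(false);
	$honeypot->banned = implode(',', $ips);
	$honeypot->save('banned');                             // save just this field
	$honeypot->of(true);
	return true;
}

$honeypot = $pages->get($honeypotPath);   // NullPage (id 0) if the page does not exist
$ip = $session->getIP();                  // dotted string; getIP(true) is the integer form

// Steps 4-5: a banned IP gets the 404 page on every request, front end and admin alike.
// Assumption: ready.php runs inside ProcessPageView::execute(), which catches Wire404Exception.
if($honeypot->id && in_array($ip, honeypotBannedIps($honeypot), true)) {
	throw new Wire404Exception();
}

// Steps 1-3: run before Session::login() instead of editing ProcessLogin.module.
$wire->addHookBefore('Session::login', function(HookEvent $event) use ($allowedAdminName, $allowlistedIps, $honeypot) {
	$name = $event->arguments(0);
	if($name instanceof User) $name = $name->name;        // newer core may pass a User object
	if($name === $allowedAdminName) return;               // expected account: normal login path

	$ip = $event->wire('session')->getIP();
	// Log name and IP only. The submitted password is deliberately not written to disk:
	// a typo in your own user name would otherwise leave your real password in the log.
	$event->wire('log')->save('attempts', $ip . ':' . $name);
	if($honeypot->id) honeypotBan($honeypot, $ip, $allowlistedIps);

	// Skip Session::login() entirely; ProcessLogin sees a failed login, and the
	// next request from this IP hits the ban check above and gets the 404 page.
	$event->replace = true;
	$event->return = null;
});
```

Two design points differ from the scrap in the post: the list is parsed and re-written as a set, so repeated attempts from one IP do not grow the textarea or trigger a page save each time, and the allowlist makes "careful not to ban myself" a property of the code rather than of the operator. The shared-IP caveat from the opening post still applies; the log of name and IP is what lets you spot a banned cafe or carrier range and remove it from the textarea by hand.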
