DA + LFD integration

[smtalk]

Hello,

May you use directadmin[.]com/features.php?id=1590 to detect login failures to DA and block particular IPs? DA already has build-in whitelists/blacklists for DA login screen, but the firewall approach would sound great.

Thank you!

[ForumAdmin]

This will be added to the next release of csf.

[smtalk]

Great! There are some new features detecting SquirrelMail, RoundCube and phpMyAdmin login failures on DirectAdmin servers, may you add them also?

phpMyAdmin: directadmin[.]com/features.php?id=1614
SquirrelMail & Roundcube: directadmin[.]com/features.php?id=1609

SquirrelMail log is enabled by default in CustomBuild 2.0 now also, so all of the web applications have authentication logs with CustomBuild 2.0 with no manual actions (just the "./build update; ./build phpmyadmin; ./build roundcube; ./build squirrelmail" is needed or update of these components).

From CSF side of view you'd need to check if the following file exists, and if they do, use them:
/var/www/html/roundcube/logs/errors
/var/www/html/squirrelmail/data/squirrelmail_access_log
/var/www/html/phpMyAdmin/log/auth.log

Thank you!

[mtk]

I vote +1 to add support in CSF to those new DA features!

[smtalk]

I also received a report that pure-ftpd failed logins are not taken care of: forum.directadmin[.]com/showthread.php?t=49483

Pure-FTPd logs by default to /var/log/messages. Authentication failed messages look like:

Code: Select all

Jul 25 23:54:48 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:54:54 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:54:59 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:04 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:13 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:23 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:35 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 25 23:55:54 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username1]
Jul 26 00:40:27 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]
Jul 26 01:34:50 box14 pure-ftpd: (?@8.8.4.4) [WARNING] Authentication failed for user [username2@domain[.]com]
Jul 26 04:31:50 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]
Jul 26 05:30:30 box14 pure-ftpd: (?@8.8.4.4) [WARNING] Authentication failed for user [username2@domain[.]com]
Jul 26 08:54:21 box14 pure-ftpd: (?@8.8.8.8) [WARNING] Authentication failed for user [username@domain[.]com]

As I am not authorized to paste URL links, I changed all occurrences of domain . com to domain[.]com.

[smtalk]

Are SquirrelMail/RoundCube/phpMyAdmin going to be added to LFD?

[DigitalConcepts]

I would like to second that motion, lfd does a great job and no server should be without this firewall
adding those logs to scan would be a nice addition ,
currently using BFM but it dont always take care of the problem, only notify

[nsc]

I do not see any more feedback from forum administrators.
Will those features be integrated into LFD?

I'm also voting +1 for this.

[ForumAdmin]

This has now been added to the new v7.50 release:
http://blog.configserver.com