Open fpietrosanti opened 10 years ago
That's an old unfinished ticket to finalize fixing of pentest, which probably shall become part of the Flood Protection, being something related to email alerting in case bad things happen /cc @vecna @evilaliv3
We've many anomalies right now, some can be "security report" some can be "anomaly report".
Security: login failure(s) overcame a threshold. As proposed in #825, this can be managed with the Token subsystem. If we notify the Admin, which is the "action"?
Anomaly: a lot of submissions in the last window of time. If we notify the Admin, which is the "action"?
Defining these actions is also required to unblock #1198
Implemented along with the log refactor of #1435: the anomaly detection (failed_login > 4) and mail notification (part of log refactor)
Currently GlobaLeaks implements some attack detection logic against brute forcing and applies some countermeasures in order to block it.
However this kind of event is not logged nor notified to the administrator.
This ticket is to properly log the attacks in a dedicated "security log" and to trigger a notification to the administrator when a brute forcing attack is carried out and when it stops.
Together with brute forcing we should also log and alert on wrong password/receipt attempts.
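A sketch of the behaviour this ticket asks for, as an added example that is not GlobaLeaks code: every failed login goes to a security log, and the administrator is notified once when failures in a sliding window exceed the threshold and once when they drop back. The class and function names, the 60-second window and the in-memory lists standing in for the security log and the admin mail are assumptions; the threshold of 4 follows the `failed_login > 4` check mentioned in the thread.

```python
from collections import deque


class FailedLoginMonitor:
    """Sliding-window detector; all names and the 60 s window are assumptions."""

    def __init__(self, threshold=4, window=60):
        self.threshold = threshold   # attack when failures in window > threshold
        self.window = window         # seconds (assumed value)
        self.failures = deque()      # timestamps of recent failed logins
        self.under_attack = False
        self.security_log = []       # every failure and every state change
        self.notifications = []      # what would be mailed to the admin

    def _expire(self, now):
        # Drop failures that have fallen out of the window.
        while self.failures and self.failures[0] <= now - self.window:
            self.failures.popleft()

    def _update_state(self, now):
        self._expire(now)
        active = len(self.failures) > self.threshold
        if active == self.under_attack:
            return None              # no transition, so no repeated mail
        self.under_attack = active
        event = "bruteforce_started" if active else "bruteforce_stopped"
        self.security_log.append((now, event))
        self.notifications.append((now, event))
        return event

    def record_failure(self, now, kind="password"):
        """Log a wrong password/receipt attempt; return a transition or None."""
        self.failures.append(now)
        self.security_log.append((now, "failed_login:" + kind))
        return self._update_state(now)

    def tick(self, now):
        """Call periodically so the end of an attack is seen without new failures."""
        return self._update_state(now)


def replay(timestamps, end):
    """Feed constructed failure timestamps, then one tick at `end`."""
    monitor = FailedLoginMonitor()
    events = [e for e in (monitor.record_failure(t) for t in timestamps) if e]
    last = monitor.tick(end)
    return events + ([last] if last else []), monitor
```

The periodic `tick` matters because the "attack stopped" condition is defined by the absence of events, so it can never be detected from the failure path alone.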