gotthardp / lorawan-server

Compact server for private LoRaWAN networks
https://gotthardp.github.io/lorawan-server
MIT License

File Access Brute-force Attacks! #691

Open bachehkaraji opened 4 years ago

bachehkaraji commented 4 years ago

How to protect lorawan-server from Brute Force Attacks?

2019-12-06 10:24:23.972 [warning] <0.28984.3> server {http_error,{404,"/TP/public/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:25.186 [warning] <0.28986.3> server {http_error,{404,"/TP/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:27.237 [warning] <0.28988.3> server {http_error,{404,"/thinkphp/html/public/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:28.785 [warning] <0.28990.3> server {http_error,{404,"/html/public/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:30.013 [warning] <0.28992.3> server {http_error,{404,"/public/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:31.517 [warning] <0.28994.3> server {http_error,{404,"/TP/html/public/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:33.114 [warning] <0.28996.3> server {http_error,{404,"/elrekt.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:34.445 [warning] <0.28998.3> server {http_error,{404,"/index.php",<<>>,"45.81.130.116"}}
2019-12-06 10:24:36.210 [warning] <0.29000.3> server {http_error,{404,"/users?page=&size=5",<<>>,"45.81.130.116"}}

gotthardp commented 4 years ago

You could develop a fail2ban plugin that will block the IP address after several repeated attempts.

It would be a great contribution to the server as others may also use it.
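
The detection half of such a plugin, sketched as an added example (not code from lorawan-server or fail2ban): it parses the `http_error` warning lines in the format quoted in the issue and flags a client address once it produces `max_retry` 404 responses within `find_time_s` seconds. The function name, both parameter names and the thresholds are assumptions chosen for illustration, and the actual blocking step (for example a firewall rule) is left to whatever tool consumes the result.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the http_error warning lines in the format quoted in the issue.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \[warning\] <[\d.]+> '
    r'server \{http_error,\{(?P<status>\d{3}),"(?P<path>[^"]*)",<<.*?>>,'
    r'"(?P<ip>[0-9A-Fa-f.:]+)"\}\}\s*$'
)

def find_offenders(lines, max_retry=5, find_time_s=60, statuses=(404,)):
    """Return {ip: datetime of the request that reached max_retry within find_time_s}."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the sliding window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or int(m["status"]) not in statuses or m["ip"] in offenders:
            continue  # unrelated line, uninteresting status, or already flagged
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop attempts that have aged out of the window.
        while (ts - window[0]).total_seconds() > find_time_s:
            window.popleft()
        if len(window) >= max_retry:
            offenders[m["ip"]] = ts
    return offenders

# The first six lines are copied from the issue. The last two are constructed
# (192.0.2.10 is a documentation address) to show input that is not flagged.
SAMPLE = [
    '2019-12-06 10:24:23.972 [warning] <0.28984.3> server {http_error,{404,"/TP/public/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:25.186 [warning] <0.28986.3> server {http_error,{404,"/TP/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:27.237 [warning] <0.28988.3> server {http_error,{404,"/thinkphp/html/public/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:28.785 [warning] <0.28990.3> server {http_error,{404,"/html/public/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:30.013 [warning] <0.28992.3> server {http_error,{404,"/public/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:31.517 [warning] <0.28994.3> server {http_error,{404,"/TP/html/public/index.php",<<>>,"45.81.130.116"}}',
    '2019-12-06 10:24:26.500 [warning] <0.28987.3> server {http_error,{404,"/favicon.ico",<<>>,"192.0.2.10"}}',
    '2019-12-06 10:24:29.000 [info] <0.28991.3> constructed unrelated log line',
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

A single 404 from a legitimate client stays below the threshold, so `max_retry` and `find_time_s` should be tuned against normal traffic before any address is blocked automatically.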