thinkst / opencanary

Modular and decentralised honeypot
http://opencanary.org
BSD 3-Clause "New" or "Revised" License

Alerts are alerting anytime something hits the IP address #231

Closed cgibbsaces closed 1 year ago

cgibbsaces commented 1 year ago

Alerts are alerting anytime something hits the IP address of OpenCanary, such as a ping. We only want to be alerted for invalid logins and the like, like when someone is actually attempting to log in or brute-forcing, not just when a probe hits the IP address or port. Does this make sense, and is there an easy way to achieve this?

jayjb commented 1 year ago

Hi @cgibbsaces,

That doesn't sound right at all. So let's see if we can figure a way forward. What services do you have enabled on your OpenCanary?

cgibbsaces commented 1 year ago

Yeah, I work for an MSP and walked into this blind without knowing anything about setup and configuration. Now that I have had more time to look at what is going on: currently I am working with the HTTP module going to a Synology page. So what it is alerting on that we don't want it to is the GET request, specifically this logtype: LOG_HTTP_GET = 3000. What I have tried so far is commenting that line out; obviously that didn't work. I have only dug into this for about an hour, so forgive me if I am not looking at the code right or understanding how it all fits together. Next I did the following:

In logger.py I added a line in def log(self, logdata, retry=true), right under the logdata = self.sanitizeLog(logdata) line. I did this:

    if 'logtype' in logdata is 'LOG_HTTP_GET':
        notify = false
        break

Also tried this:

    if 'logtype' in logdata is 'LOG_HTTP_GET':
        notify = false
        return

And this:

    if 'logtype' in logdata is 'LOG_HTTP_GET':
        notify = false
        exit()  # not surprised this didn't work and even if it did it would exit the application

Anyways all that did was keep opencanary from starting lol

Any tips? Does that help you understand better what I am trying to accomplish? Forgive me as well, I have no professional experience in Python, only what I have dabbled in, so if I am way off base just let me know! Appreciate any help you can give me!!!

cgibbsaces commented 1 year ago

So, I figured out how to accomplish this (making it not alert on HTTP GET requests). I was thinking about it last night and I was overthinking it. What I did was just comment out 1 line in the http.py file as follows:

under: def render_GET(self, request, loginFailed=False):

Comment out the following line: self.factory.log(logdata, transport=request.transport, logtype=logtype)

Closing issue
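
An alternative that leaves the honeypot source untouched is to filter events downstream, before they reach the alerting channel. The sketch below is an added example, not part of the thread or of OpenCanary's own code; it assumes events arrive as one JSON object per line with an integer `logtype` field, and the names `should_alert`, `filter_events` and `SUPPRESSED_LOGTYPES` are hypothetical.

```python
import json

# Value quoted in the thread: LOG_HTTP_GET = 3000.
LOG_HTTP_GET = 3000
SUPPRESSED_LOGTYPES = {LOG_HTTP_GET}  # hypothetical suppression list


def should_alert(event):
    """Return False only for events whose logtype is explicitly suppressed."""
    # logtype is compared by integer value, not against the constant's
    # name as a string. Missing or oddly typed values still alert.
    return event.get("logtype") not in SUPPRESSED_LOGTYPES


def filter_events(lines):
    """Yield parsed events that should still raise an alert.

    Lines that are not a JSON object are passed through in a marker event,
    so a logging fault is surfaced instead of being silently dropped.
    """
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            yield {"logtype": None, "unparsed": raw}
        elif should_alert(event):
            yield event


# Constructed sample lines, not real OpenCanary output. 3001 is an assumed
# logtype standing in for a login attempt; 192.0.2.0/24 is a documentation range.
SAMPLE_LINES = [
    '{"dst_port": 80, "logtype": 3000, "src_host": "192.0.2.10", "logdata": {"PATH": "/index.html"}}',
    '{"dst_port": 80, "logtype": 3001, "src_host": "192.0.2.10", "logdata": {"USERNAME": "admin"}}',
    'not json',
    '{"dst_port": 80, "logtype": "3000", "src_host": "192.0.2.11"}',
]

if __name__ == "__main__":
    for kept in filter_events(SAMPLE_LINES):
        print(json.dumps(kept, sort_keys=True))
```

Because the filter only drops exact matches on the suppression set, anything unexpected (a string-typed `logtype`, a malformed line) still produces an alert.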