warp-tech / warpgate

Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
Apache License 2.0

Feature Request: Implement IP Ban After Multiple Failed Login Attempts #1013

Open Annihilater opened 1 month ago

Annihilater commented 1 month ago

Background

I have noticed an issue where my deployed website is experiencing repeated brute force attacks. Below are some log entries showing multiple failed login attempts from the same IP address:

7/20/2024, 3:11:06 PM   fd657034-bd60-488c-be1c-a8800dc5b7bf    Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:05 PM   32f7c332-27eb-40dd-a5a1-e5a09e189d9a    Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:03 PM   d2fb4212-9178-4926-8059-2c33cb5fd10c    Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:02 PM   9e4ba5ed-83ae-49d4-a8a2-28ae2d05d939    Failed to verify credentials client_ip: x.x.x.x error: user not found

Request

I propose the implementation of a feature that bans an IP address for 30 days after it fails to verify credentials 3 times within a 5-minute window. This feature would help prevent brute force attacks and improve the security of the website.

Proposed Changes

  1. Track Failed Login Attempts: Implement a mechanism to track the number of failed login attempts for each IP address within a 5-minute window.
  2. Automatic IP Ban: Automatically ban any IP address that fails to verify credentials 3 times within 5 minutes for a duration of 30 days.
  3. Manual IP Ban via Configuration: Provide a configuration file where administrators can manually add IP addresses to be banned.

Example Implementation

Here is an example of how the proposed feature could be implemented:

  1. Tracking Failed Attempts: Maintain a map to track failed login attempts for each IP address along with timestamps.
  2. Automatic Ban Logic: Check the number of failed attempts within the 5-minute window and ban the IP address if it exceeds the threshold.
  3. Configuration File: Allow manual addition of banned IPs through a JSON configuration file.

Benefits

Improved Security: This feature would help mitigate brute force attacks by automatically banning suspicious IP addresses.

Flexibility: Administrators can manually add IPs to the ban list if they notice any suspicious activity.

Example JSON Configuration

{
    "banned_ips": [
        "47.237.27.243",
        "192.168.1.100"
    ]
}

Conclusion

Implementing this feature would significantly enhance the security of the website by preventing repeated brute force login attempts. Thank you for considering this request.

Given that this project is aimed at security, implementing a feature to prevent brute force attacks is essential.

tieb62 commented 3 weeks ago

Perhaps this could be achieved by parsing some kind of log file with fail2ban.

kekonn commented 1 week ago

Ideally this is something you want to do by parsing the log file with fail2ban, then setting the ban on the reverse proxy level to stop the request as soon as possible.
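
The rule from the request (3 failures within 5 minutes, 30-day ban, plus a manual `banned_ips` list) applied to log lines in the layout quoted in the issue, as an added example that is not Warpgate code and not part of any comment above. `BanTracker`, `process_log` and `SAMPLE_LOG` are hypothetical names, the sample addresses and ids are constructed, and all timestamps are assumed to share one timezone.

```python
import ipaddress
import json
import re
from collections import defaultdict, deque
from contextlib import suppress
from datetime import datetime, timedelta

MAX_FAILURES, WINDOW, BAN_FOR = 3, timedelta(minutes=5), timedelta(days=30)  # from the request
TS_FMT = "%m/%d/%Y, %I:%M:%S %p"  # timestamp layout of the quoted log lines
LINE_RE = re.compile(r"^[ \t]*(?P<ts>[\d/]+, [\d:]+ [AP]M)[ \t]+\S+[ \t]+"
                     r"Failed to verify credentials client_ip: (?P<ip>\S+)", re.M)

class BanTracker:
    def __init__(self, config_json='{"banned_ips": []}'):
        # Manual bans from the proposed JSON file never expire.
        self.manual = set(map(ipaddress.ip_address, json.loads(config_json)["banned_ips"]))
        self.failures = defaultdict(deque)  # ip -> failure times inside the window
        self.banned_until = {}              # ip -> expiry of an automatic ban

    def is_banned(self, ip, now):
        ip = ipaddress.ip_address(ip)
        return ip in self.manual or now < self.banned_until.get(ip, now)

    def record_failure(self, ip, when):
        # Call in chronological order; returns True when this failure triggers a ban.
        ip = ipaddress.ip_address(ip)
        q = self.failures[ip]
        q.append(when)
        while when - q[0] > WINDOW:  # forget failures older than the window
            q.popleft()
        if len(q) < MAX_FAILURES:
            return False
        self.banned_until[ip] = when + BAN_FOR
        return True

def process_log(text, tracker):
    # Accepts lines in any order; returns the addresses that become banned.
    events = []
    for m in LINE_RE.finditer(text):
        with suppress(ValueError):  # skip redacted or malformed address/timestamp
            events.append((datetime.strptime(m["ts"], TS_FMT), ipaddress.ip_address(m["ip"])))
    events.sort(key=lambda e: e[0])  # the quoted log lists newest first
    return [str(ip) for when, ip in events
            if not tracker.is_banned(ip, when) and tracker.record_failure(ip, when)]

# Constructed sample in the issue's log layout (documentation addresses, dummy ids).
SAMPLE_LOG = "\n".join(
    f"7/20/2024, {t} PM   id-{n}    Failed to verify credentials client_ip: {ip} error: user not found"
    for n, (t, ip) in enumerate([("3:11:06", "203.0.113.7"), ("3:11:05", "203.0.113.7"),
        ("3:11:02", "203.0.113.7"), ("3:11:03", "198.51.100.9"), ("2:50:00", "x.x.x.x")]))
```

The failure map holds one queue per source address that has not yet been banned, so a long-running deployment would also need to evict idle entries to bound memory.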