+- Logic Machine Forum (https://forum.logicmachine.net)
+-- Forum: LogicMachine eco-system (https://forum.logicmachine.net/forumdisplay.php?fid=1)
+--- Forum: Scripting (https://forum.logicmachine.net/forumdisplay.php?fid=8)
+--- Thread: Wrong password (/showthread.php?tid=5042)
Wrong password - a455115 - 19.10.2023
Hello everyone,
I am interested in setting up email notifications for incorrect password entries. I would also like to limit the number of password entry attempts to enhance security. I have tried exploring the documentation and event-based scripting feature, but I haven't found a clear solution yet.
Is there a built-in feature or script to set up email notifications whenever an incorrect password is entered?
How can I limit the number of incorrect password entry attempts?
If there isn’t a built-in feature, could someone guide me on how to create a custom script for these functionalities?
Any help or guidance would be greatly appreciated. Thank you in advance!
Best regards,
RE: Wrong password - Daniel - 19.10.2023
LM has a build in brute force protection, it will block a user after 5 wrong attempts for a minute. You can see logs in user access logs. You can modify this example for your need.
https://forum.logicmachine.net/showthread.php?tid=4028&pid=26027#pid26027
RE: Wrong password - a455115 - 19.10.2023
(19.10.2023, 09:47)Daniel Wrote: LM has a build in brute force protection, it will block a user after 5 wrong attempts for a minute. You can see logs in user access logs. You can modify this example for your need.
https://forum.logicmachine.net/showthread.php?tid=4028&pid=26027#pid26027
I'm having trouble understanding how to capture a "failed attempt" to log into the system. Could you provide an example of how to log such an attempt?
RE: Wrong password - Daniel - 19.10.2023
Check this
Code:
items = db:getall([[
SELECT user_logs.*, users.name
FROM user_logs
JOIN users ON user_logs.login=users.login
ORDER BY user_logs.id DESC
LIMIT 50
]])
for _, item in ipairs(items) do
cls = toboolean(item.failed) and 'danger' or 'success'
log(item.login,item.name, cls, item.ip)
end RE: Wrong password - a455115 - 19.10.2023
(19.10.2023, 11:06)Daniel Wrote: Check this
Code:items = db:getall([[
SELECT user_logs.*, users.name
FROM user_logs
JOIN users ON user_logs.login=users.login
ORDER BY user_logs.id DESC
LIMIT 50
]])
for _, item in ipairs(items) do
cls = toboolean(item.failed) and 'danger' or 'success'
log(item.login,item.name, cls, item.ip)
end
This was the code I tried according to the example, but it doesn't work.
RE: Wrong password - Daniel - 19.10.2023
What doesn't work? It works for me.
RE: Wrong password - a455115 - 19.10.2023
(19.10.2023, 11:31)Daniel Wrote: What doesn't work? It works for me.
Log is empty, nothing is recorded. Is there anything else to do besides the code?
RE: Wrong password - Daniel - 19.10.2023
Do you have anything in Access logs?
RE: Wrong password - a455115 - 19.10.2023
Yes, Access log is ok, but log is empty.
I tested in http://4n.lv:7999/apps/, results is same. Log is empty.
RE: Wrong password - Daniel - 19.10.2023
This is a special LM where many features are blocked for security, it works on my local LM.
RE: Wrong password - Daniel - 19.10.2023
which fw do you have? Any errors?
RE: Wrong password - a455115 - 19.10.2023
(19.10.2023, 11:46)Daniel Wrote: which fw do you have? Any errors?
latest firmware version. There are no errors. I will try again later and write, but I think it is not entering the cycle.
RE: Wrong password - Daniel - 19.10.2023
Add some static logs to check, maybe it is copy paste issue, use the copy button above my script.
RE: Wrong password - admin - 19.10.2023
Daniel's code will only log existing normal users (not admin). This script will log only failed attempts for all users:
Code:
items = db:getall([[
SELECT *
FROM user_logs
WHERE failed=1
ORDER BY user_logs.id DESC
LIMIT 50
]])
for _, item in ipairs(items) do
log(item.login, item.ip, item.created)
endRE: Wrong password - a455115 - 20.10.2023
(19.10.2023, 12:58)admin Wrote: Daniel's code will only log existing normal users (not admin). This script will log only failed attempts for all users:Hello admin,
Code:items = db:getall([[
SELECT *
FROM user_logs
WHERE failed=1
ORDER BY user_logs.id DESC
LIMIT 50
]])
for _, item in ipairs(items) do
log(item.login, item.ip, item.created)
end
This script is functioning, but it logs full even when there is just one incorrect password attempt. Could you please explain what it does exactly? I want it to log only the actual instances of entering the wrong password.
RE: Wrong password - Daniel - 20.10.2023
All logins are saved in DB and this script is just browsing the DB for all failed attempts. If you set limit to 1 it will give you only the last one but this is not an event action it is just pure reading what is in the DB.