V3LSEC: Very3 Login Security
Updates
  • 1.0.6 adds a user-aware tab (can be hidden), improved form validation, inline help, and bug fixes.
  • 1.0.5 adds the ability to disable IPinfo queries, color-coded logging, a support URL on the block page, log format changes, and compatibility with GS 3.4.0a.
  • 1.0.2 fixes a problem with IPinfo logging when accessing GS from the local loop (loopback, 127.0.0.1).
Note
If you're updating from 1.0.2 and your report view is wonky, clear the logs from the settings page and that should fix it.

About
The Very3 Login Security Plugin mitigates brute-force and password-guessing attacks against your GetSimple CMS login pages. Additionally, the plugin provides granular notifications via email and text message (SMS), and logs location data for the remote IP by using the IPinfo API (free tier, limited to 1000 requests per day). IPinfo queries can be disabled from the plugin's settings page if desired.

The main report page links the IP addresses to the ARIN Whois/RDAP search and the latitude / longitude coordinates to the OpenStreetMap search. The entire logged dataset can be viewed by clicking the record's datestamp field.

If you'd like to kick it up a notch, the Very3 Login Security Plugin also creates syslog entries that can be leveraged by services such as Fail2ban and OSSEC. Bam.

How does it work?
The Very3 Login Security Plugin hooks the GS successful-login-start action and attempts to verify the user name and password hash before the authentication flow completes. If the user does not exist or the login credentials appear to be bogus, a counter keyed on the client's IP address is incremented. Once the count reaches the configured threshold, the plugin refuses any further form-based authentication from that address until the configured timeout elapses or the block is cleared from the report page in the GS admin panel. The failed-attempt threshold and the timeout can be configured from the plugin's settings page.
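The per-IP counter, threshold and timeout logic described above, written out as an added PHP example. This is not the V3LSEC plugin's own code: the function names, the JSON file used as the counter store, the syslog line format and the walkthrough IP are this example's assumptions; the defaults of 5 attempts and 600 seconds are the ones the post states. Credential verification itself is left to the CMS (passed in as a boolean), so nothing here reimplements GetSimple's user lookup.

```php
<?php
// Added example of a per-IP failed-login throttle; not the V3LSEC plugin's code.
// Assumptions: JSON file store, the v3_* function names, 5 attempts / 600 s defaults.

const V3_THRESHOLD = 5;    // failed attempts before a block (plugin default per the post)
const V3_TIMEOUT   = 600;  // block duration in seconds (plugin default per the post)
define('V3_STORE', sys_get_temp_dir() . '/v3_attempts_example.json'); // assumed store

function v3_load(): array {
    if (!is_file(V3_STORE)) {
        return [];
    }
    $data = json_decode((string) file_get_contents(V3_STORE), true);
    return is_array($data) ? $data : [];
}

function v3_save(array $data): void {
    file_put_contents(V3_STORE, json_encode($data), LOCK_EX);
}

// True while $ip is inside an active block window; an expired block is forgotten.
function v3_is_blocked(string $ip, ?int $now = null): bool {
    $now  = $now ?? time();
    $data = v3_load();
    if (!isset($data[$ip]) || $data[$ip]['count'] < V3_THRESHOLD) {
        return false;
    }
    if ($now - $data[$ip]['blocked_at'] < V3_TIMEOUT) {
        return true;
    }
    unset($data[$ip]);   // timeout elapsed: clear the block and the counter
    v3_save($data);
    return false;
}

// Count one bad attempt; returns true if this attempt crossed the threshold.
function v3_record_failure(string $ip, ?int $now = null): bool {
    $now  = $now ?? time();
    $data = v3_load();
    $rec  = $data[$ip] ?? ['count' => 0, 'blocked_at' => 0];
    $rec['count']++;
    $blocked = false;
    if ($rec['count'] >= V3_THRESHOLD) {
        $rec['blocked_at'] = $now;
        $blocked = true;
        // Syslog entry that a Fail2ban/OSSEC rule could match (format is this example's own).
        openlog('v3lsec-example', LOG_PID, LOG_AUTH);
        syslog(LOG_WARNING, "login block ip={$ip} attempts={$rec['count']}");
        closelog();
    }
    $data[$ip] = $rec;
    v3_save($data);
    return $blocked;
}

// A successful login, or an admin clearing the block from the report page, resets the counter.
function v3_clear(string $ip): void {
    $data = v3_load();
    unset($data[$ip]);
    v3_save($data);
}

// Decision for one login attempt: 'blocked', 'deny' or 'allow'.
// $credentialsValid is whatever the CMS's own verification returned.
function v3_decide(string $ip, bool $credentialsValid, ?int $now = null): string {
    if (v3_is_blocked($ip, $now)) {
        return 'blocked';   // even a correct password is refused inside the window
    }
    if ($credentialsValid) {
        v3_clear($ip);
        return 'allow';
    }
    return v3_record_failure($ip, $now) ? 'blocked' : 'deny';
}

// Constructed walkthrough: 203.0.113.7 (documentation range) fails five times from t=1000,
// then presents the right password once inside the window and once after it.
@unlink(V3_STORE);
$ip = '203.0.113.7';
$results = [];
for ($i = 0; $i < 5; $i++) {
    $results[] = v3_decide($ip, false, 1000 + $i);
}
$results[] = v3_decide($ip, true, 1100);
$results[] = v3_decide($ip, true, 1700);
echo implode(',', $results), PHP_EOL;
```

The point a defender should take from the walkthrough is the sixth call: a correct password arriving while the block is active is still refused, which is what stops an attacker from simply continuing to guess after the threshold is reached. The file store is only for illustration; a shared host with concurrent logins would want the read-modify-write done under a lock rather than the per-write LOCK_EX shown here.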

Installation & Configuration
To install this plugin, download the zip file and extract it into your GetSimple plugins folder. Once it is installed and activated, see the settings page under the "V3LSEC" tab for configuration options. For support, please visit the GetSimple Community Forum at http://get-simple.info/forums/showthread.php?tid=10896.

Out of the box, this plugin blocks a remote IP address for 600 seconds (10 minutes) after 5 bad login attempts and does not send notifications. To receive email notifications you must configure to/from email addresses (they can be the same) and select at least one "Send Email on..." option. The SMS function requires a Twilio account and at least one selected "Send SMS on..." option.

You can find the Very3 Login Security Plugin in the GetSimple Extend Repository at: http://get-simple.info/extend/plugin/v3l...rity/1211/

For more information see: https://github.com/verythree/v3lsec