diff options
author | Thomas Willingham <founder@kakste.com> | 2014-01-15 22:54:51 +0000 |
---|---|---|
committer | Thomas Willingham <founder@kakste.com> | 2014-01-15 22:54:51 +0000 |
commit | 9addc83520adada78ad339edd6abe666f65b7059 (patch) | |
tree | 8c3d7d952d465b2994b10442284de6294c36f1b0 | |
parent | a49704fdb6f6a4059a951edb2029c91809286eec (diff) | |
download | volse-hubzilla-9addc83520adada78ad339edd6abe666f65b7059.tar.gz volse-hubzilla-9addc83520adada78ad339edd6abe666f65b7059.tar.bz2 volse-hubzilla-9addc83520adada78ad339edd6abe666f65b7059.zip |
Log failed auth to it's own file so fail2ban doesn't have to parse MB of text
-rw-r--r-- | include/auth.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/include/auth.php b/include/auth.php index c0002e6c1..a92f998bf 100644 --- a/include/auth.php +++ b/include/auth.php @@ -34,6 +34,7 @@ function nuke_session() { */ function account_verify_password($email,$pass) { + $r = q("select * from account where account_email = '%s'", dbesc($email) ); @@ -46,7 +47,13 @@ function account_verify_password($email,$pass) { return $record; } } - logger('password failed for ' . $email); + $error = 'password failed for ' . $email; + logger($error); + // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + return null; } @@ -186,7 +193,13 @@ else { } if((! $record) || (! count($record))) { - logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); + $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; + logger($error); + // Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention + $authlog = get_config('system', 'authlog'); + if ($authlog) + @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND); + notice( t('Login failed.') . EOL ); goaway(z_root()); } |