From a49704fdb6f6a4059a951edb2029c91809286eec Mon Sep 17 00:00:00 2001
From: Thomas Willingham <founder@kakste.com>
Date: Tue, 14 Jan 2014 03:50:32 +0000
Subject: Probably shouldn't list REGISTER_CLOSED sites on a list of open hubs.

---
 mod/dirsearch.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 7d41ca1b7..59a1d448d 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -233,7 +233,7 @@ function dirsearch_content(&$a) {
 
 
 function list_public_sites() {
-	$r = q("select * from site where site_access != 0 order by rand()");
+	$r = q("select * from site where site_access != 0 and site_register !=0 order by rand()");
 	$ret = array('success' => false);
 
 	if($r) {
@@ -269,4 +269,4 @@ function list_public_sites() {
 		}
 	}
 	return $ret;
-}		
\ No newline at end of file
+}		
-- 
cgit v1.2.3


From 9addc83520adada78ad339edd6abe666f65b7059 Mon Sep 17 00:00:00 2001
From: Thomas Willingham <founder@kakste.com>
Date: Wed, 15 Jan 2014 22:54:51 +0000
Subject: Log failed auth to it's own file so fail2ban doesn't have to parse MB
 of text

---
 include/auth.php | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/include/auth.php b/include/auth.php
index c0002e6c1..a92f998bf 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -34,6 +34,7 @@ function nuke_session() {
  */
 
 function account_verify_password($email,$pass) {
+
 	$r = q("select * from account where account_email = '%s'",
 		dbesc($email)
 	);
@@ -46,7 +47,13 @@ function account_verify_password($email,$pass) {
 			return $record;
 		}
 	}
-	logger('password failed for ' . $email);
+	$error = 'password failed for ' . $email;
+	logger($error);
+	// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+	$authlog = get_config('system', 'authlog');
+	if ($authlog)
+	@file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
 	return null;
 }
 
@@ -186,7 +193,13 @@ else {
 		}
 
 		if((! $record) || (! count($record))) {
-			logger('authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']); 
+			$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
+			logger($error); 
+			// Also log failed logins to a separate auth log to reduce overhead for server side intrusion prevention
+		        $authlog = get_config('system', 'authlog');
+		        if ($authlog)
+		        @file_put_contents($authlog, datetime_convert() . ':' . session_id() . ' ' . $error . "\n", FILE_APPEND);
+
 			notice( t('Login failed.') . EOL );
 			goaway(z_root());
   		}
-- 
cgit v1.2.3