
Feature Request: Implement IP Ban After Multiple Failed Login Attempts #1013

Annihilater opened this issue Jul 21, 2024 · 2 comments

@Annihilater

Background

I have noticed an issue where my deployed website is experiencing repeated brute force attacks. Below are some log entries showing multiple failed login attempts from the same IP address:

7/20/2024, 3:11:06 PM 	fd657034-bd60-488c-be1c-a8800dc5b7bf 	Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:05 PM 	32f7c332-27eb-40dd-a5a1-e5a09e189d9a 	Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:03 PM 	d2fb4212-9178-4926-8059-2c33cb5fd10c 	Failed to verify credentials client_ip: x.x.x.x error: user not found
7/20/2024, 3:11:02 PM 	9e4ba5ed-83ae-49d4-a8a2-28ae2d05d939 	Failed to verify credentials client_ip: x.x.x.x error: user not found

Request

I propose the implementation of a feature that bans an IP address for 30 days after it fails to verify credentials 3 times within a 5-minute window. This feature would help prevent brute force attacks and improve the security of the website.

Proposed Changes

  1. Track Failed Login Attempts: Implement a mechanism to track the number of failed login attempts for each IP address within a 5-minute window.
  2. Automatic IP Ban: Automatically ban any IP address that fails to verify credentials 3 times within 5 minutes for a duration of 30 days.
  3. Manual IP Ban via Configuration: Provide a configuration file where administrators can manually add IP addresses to be banned.

Example Implementation

Here is an example of how the proposed feature could be implemented:

  1. Tracking Failed Attempts: Maintain a map to track failed login attempts for each IP address along with timestamps.
  2. Automatic Ban Logic: Check the number of failed attempts within the 5-minute window and ban the IP address if it exceeds the threshold.
  3. Configuration File: Allow manual addition of banned IPs through a JSON configuration file.

Benefits

Improved Security: This feature would help mitigate brute force attacks by automatically banning suspicious IP addresses.
Flexibility: Administrators can manually add IPs to the ban list if they notice any suspicious activity.

Example JSON Configuration

{
    "banned_ips": [
        "47.237.27.243",
        "192.168.1.100"
    ]
}

Conclusion

Implementing this feature would significantly enhance the security of the website by preventing repeated brute force login attempts. Thank you for considering this request.

Given that this project is aimed at security, implementing a feature to prevent brute force attacks is essential.
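The logic proposed above, as an added illustration in Python that is not code from this project or from the issue author: a per-IP sliding 5-minute window, a 30-day ban once 3 failures fall inside it, and a manual ban list loaded from the JSON configuration. The log lines and addresses are constructed in the format quoted above, and the threshold, window and ban duration are the values the request names.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)      # failures are counted within this sliding window
THRESHOLD = 3                      # this many failures in the window triggers a ban
BAN_DURATION = timedelta(days=30)
# Matches the log line format quoted in the issue; the request id field is skipped.
LOG_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4}, \d{1,2}:\d{2}:\d{2} [AP]M)\s+\S+\s+"
                    r"Failed to verify credentials client_ip: (?P<ip>\S+) error:")
# Constructed sample log and manual ban list (IPs are RFC 5737 documentation addresses).
SAMPLE_LOG = """\
7/20/2024, 3:11:02 PM \t9e4ba5ed-83ae-49d4-a8a2-28ae2d05d939 \tFailed to verify credentials client_ip: 203.0.113.7 error: user not found
7/20/2024, 3:11:03 PM \td2fb4212-9178-4926-8059-2c33cb5fd10c \tFailed to verify credentials client_ip: 203.0.113.7 error: user not found
7/20/2024, 3:11:05 PM \t32f7c332-27eb-40dd-a5a1-e5a09e189d9a \tFailed to verify credentials client_ip: 203.0.113.7 error: user not found
7/20/2024, 3:30:00 PM \tfd657034-bd60-488c-be1c-a8800dc5b7bf \tFailed to verify credentials client_ip: 198.51.100.9 error: user not found
"""
MANUAL_CONFIG = '{"banned_ips": ["192.0.2.1"]}'

class IpBanList:
    def __init__(self, manual_config_json):
        self.attempts = defaultdict(deque)  # ip -> timestamps of recent failures
        # ip -> ban expiry; manually configured bans never expire, so they get datetime.max
        self.bans = {ip: datetime.max for ip in json.loads(manual_config_json).get("banned_ips", [])}

    def is_banned(self, ip, now):
        return now < self.bans.get(ip, datetime.min)

    def record_failure(self, ip, when):
        """Record one failed login; return True if this failure triggers a ban."""
        q = self.attempts[ip]
        q.append(when)
        while when - q[0] > WINDOW:          # forget failures that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD:
            self.bans[ip] = when + BAN_DURATION
            q.clear()
            return True
        return False

def process_log(log_text, manual_config_json):
    """Replay log lines through the ban logic; return the ban list and (ip, time) of new bans."""
    bans, newly_banned = IpBanList(manual_config_json), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%m/%d/%Y, %I:%M:%S %p")
        if bans.record_failure(m["ip"], when):
            newly_banned.append((m["ip"], when))
    return bans, newly_banned
```

Running `process_log(SAMPLE_LOG, MANUAL_CONFIG)` bans 203.0.113.7 at the third failure (15:11:05) while 198.51.100.9, with a single failure, stays unbanned; the ban check is what a login handler would consult before verifying credentials.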

@tieb62

tieb62 commented Aug 15, 2024

Perhaps this could be achieved by parsing some kind of log file with fail2ban

@kekonn
Contributor

kekonn commented Sep 5, 2024

Ideally this is something you want to do by parsing the log file with fail2ban, then setting the ban on the reverse proxy level to stop the request as soon as possible.
