I would like to use fail2ban to block access from IPs that attempt too many times to log in with a wrong username/password. But I cannot find the logfile in which the failed log-in attempts are logged.
Can someone help me locate this logfile (or maybe enable it)?
@Arthur, I noticed folder /cache/login/login_attempts/ has been created which contains entries for each of my failed attempts. But I’m not sure about the meaning of all these entries or what conclusions you may draw from them.
Hello @Arthur did you find a way to jail the Grav Admin logins with Fail2Ban?
Unfortunately, there is no response to your issue opened on GitHub on Mar 8, 2022.
I would also like to protect the Grav login.
Thanks and regards
joejac
Hello again @Arthur
I found in Grav documentation this feature:
"Brute force attacks are a popular choice for website intruders. It could come in the form of someone you know trying to guess your password over and over until they are finally successful or a bot flooding your site with login attempts until eventually the password has been discovered.
Grav’s flood protection (also known as rate limiting) feature makes these kinds of attacks exceptionally difficult. It allows you to set a number of failed login attempts within a specific amount of time before the account gets temporarily locked out. Additionally, you can restrict the amount of password reset requests applied to accounts before locking this feature out." (Flood Protection | Grav Documentation)
In the Login plugin, in the Security tab, it has, by default:
5 login attempts
10 minutes lock after 5 failed login attempts.
These values are configurable.
I tested it and it works fine. I think this feature is enough; it resembles Fail2ban.
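To make the behaviour joejac describes concrete, here is an added example of account-level flood protection (login rate limiting) written for this thread; it is not code from Grav or the Login plugin. It uses the defaults quoted above (5 failed attempts, 10-minute lock) and assumes, for simplicity, that the 10-minute value serves both as the window in which failures are counted and as the lock duration. The `FloodProtector` class, the `demo()` scenario, the injectable `clock` and the credential store are all constructed for illustration.

```python
"""Sliding-window login flood protection (added example, not Grav's code).

Mirrors the defaults quoted in the thread from the Login plugin's Security
tab: 5 failed attempts, then a 10-minute lock on the account.
"""
import time
from collections import deque

MAX_ATTEMPTS = 5        # Grav default quoted in the thread
LOCKOUT_SECONDS = 600   # 10 minutes, Grav default quoted in the thread


class FloodProtector:
    """Tracks failed logins per account and locks the account after too many."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT_SECONDS,
                 clock=time.time):
        self.max_attempts = max_attempts
        self.lockout = lockout          # assumption: window == lock duration
        self.clock = clock              # injectable so the demo can fast-forward
        self._failures = {}             # account -> deque of failure timestamps
        self._locked_until = {}         # account -> timestamp when the lock ends

    def is_locked(self, account):
        """True while the account's lock has not yet expired."""
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: forget the old failures so the account starts fresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account):
        """Register a wrong password. Returns True if this failure triggered a lock."""
        now = self.clock()
        history = self._failures.setdefault(account, deque())
        history.append(now)
        # Drop failures that fell out of the counting window.
        while history and now - history[0] > self.lockout:
            history.popleft()
        if len(history) >= self.max_attempts:
            self._locked_until[account] = now + self.lockout
            return True
        return False

    def record_success(self, account):
        """A correct password clears the failure history."""
        self._failures.pop(account, None)

    def attempt_login(self, account, password, check_credentials):
        """Returns 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account):
            return "locked"            # do not even evaluate the password
        if check_credentials(account, password):
            self.record_success(account)
            return "ok"
        self.record_failure(account)
        return "failed"


def demo():
    """Constructed scenario: 5 wrong passwords, then the correct password while
    locked, then the correct password after the 10-minute lock has expired."""
    fake_now = [1_000_000.0]                       # constructed clock value
    guard = FloodProtector(clock=lambda: fake_now[0])
    users = {"admin": "correct horse battery staple"}  # constructed credentials
    check = lambda user, pw: users.get(user) == pw

    results = [guard.attempt_login("admin", "wrong", check) for _ in range(5)]
    results.append(guard.attempt_login("admin", users["admin"], check))  # locked
    fake_now[0] += LOCKOUT_SECONDS + 1                                   # lock expires
    results.append(guard.attempt_login("admin", users["admin"], check))  # ok
    return results


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting from a defender's view: the check refuses to evaluate the password at all while the account is locked, so an attacker gains no timing or validity signal during the lock, and because the lock is keyed by account rather than by client IP, a flood of bad passwords can lock a legitimate user out of their own account, which is the usual trade-off against the per-IP banning fail2ban provides.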
Hello @joejac
Thank you for your answer, I didn’t pursue the attempts to protect the Grav admin login with Fail2Ban much further.
I also didn’t know about the flood protection integrated in the login plugin, but I’m really happy that it was there all this time (and thank you again for showing it to me).