Notification on incorrect login

Use this forum to discuss possible implementation of a new feature before opening a ticket.
A developer shall edit the topic title with "[xxx]" where xxx is the id of the accompanying tracker id.
Duplicate posts about the same id. +1 posts are not allowed.
Post Reply
WildeFA
Posts: 5
Joined: Monday 07 December 2015 10:42
Target OS: Raspberry Pi
Domoticz version: v2.3530
Contact:

Notification on incorrect login

Post by WildeFA » Sunday 14 February 2016 11:30

Is it possible to get a e-mail notification when someone without autorisation is trying to login?

I can see it in the log file as it happens, but the log scrolls up and the message disappears.
Attachments
14-2-2016 10-22-56.jpg
14-2-2016 10-22-56.jpg (11.4 KiB) Viewed 988 times

User avatar
gizmocuz
Posts: 8652
Joined: Thursday 11 July 2013 18:59
Target OS: Raspberry Pi
Domoticz version: beta
Location: Top of the world
Contact:

Re: Notification on incorrect login

Post by gizmocuz » Saturday 20 February 2016 13:11

i think you can install fail2ban, and let this send an email ?
Quality outlives Quantity!

User avatar
jvdz
Posts: 1370
Joined: Tuesday 30 December 2014 20:25
Target OS: Raspberry Pi
Domoticz version: Stable
Location: Westland/Netherlands
Contact:

Re: Notification on incorrect login

Post by jvdz » Saturday 20 February 2016 15:27

For this very reason, I have setup the reverse proxy in nginx for the inbound connections and have fail2ban monitor that.
Added the Userids that have access from outside to the nginx userslist with the same userid/password combination as Domoticz.
This gives a me separate logfiles for all inbound access to domoticz and makes configuration fail2ban also pretty strait forward.
fail2ban sends me a telegram notification in case somebody tried to access the system with 2 failures, and the source IP Address gets banned for 10 minutes.

Jos

User avatar
gizmocuz
Posts: 8652
Joined: Thursday 11 July 2013 18:59
Target OS: Raspberry Pi
Domoticz version: beta
Location: Top of the world
Contact:

Re: Notification on incorrect login

Post by gizmocuz » Saturday 20 February 2016 16:00

dont need to install a reverse proxy... can be done without
Quality outlives Quantity!

User avatar
jvdz
Posts: 1370
Joined: Tuesday 30 December 2014 20:25
Target OS: Raspberry Pi
Domoticz version: Stable
Location: Westland/Netherlands
Contact:

Re: Notification on incorrect login

Post by jvdz » Saturday 20 February 2016 16:13

Fully understand it can be done without, but prefer the usage of nginx in front of domoticz for keeping things "clean". ;)
Also prefer to have the separate acccess and error logs generate by nginx to track access.

Jos

globalassist
Posts: 36
Joined: Monday 09 December 2013 17:51
Target OS: Windows
Domoticz version: Beta
Location: Netherlands
Contact:

Re: Notification on incorrect login

Post by globalassist » Friday 23 March 2018 15:22

Apologies for bumping up an old topic, but is it possible to get some notification if there is a succesfull login, or a few failed attempts?
I think that the security of my house is rather important and since more and more of my house is controlled by Domoticz (which is awesome :D ), my security needs for Domoticz are also increasing.
Any ideas about this? Would be great if it is an out-of-the-box feature and not with tools which are not user friendly like Fail2ban)

lost
Posts: 171
Joined: Thursday 10 November 2016 10:30
Target OS: Raspberry Pi
Domoticz version:
Contact:

Re: Notification on incorrect login

Post by lost » Saturday 24 March 2018 11:34

globalassist wrote:
Friday 23 March 2018 15:22
Apologies for bumping up an old topic, but is it possible to get some notification if there is a succesfull login, or a few failed attempts?
Any ideas about this? Would be great if it is an out-of-the-box feature and not with tools which are not user friendly like Fail2ban)
I must admit that, having runned ssh servers open to the outside world for years before using Domoticz, https is not targeted so much.

Code: Select all

$ sudo grep -i from: domoticz.txt | wc -l
54
$ sudo grep -i login domoticz.txt 
$ uptime
 10:16:12 up 6 days, 16:06,  2 users,  load average: 0,21, 0,17, 0,12
=> In almost 7 days uptime since last upgrade/restart, there was 54 accesses to Domoticz server (including a few from myself). None with a login failed attempt.

So, that's about 7 tries per day & probably from indexing robots (from google etc...) that just give-up on the login page. So you may evaluate if it's really a problem on your side. Compared to what I used to see on bruteforce ssh server attempts (could be up to several 10000's attempts per day & user-not-friendly, according to you, fail2ban did a very good job at calming this down to a few tens to hundreds), these figures on https are almost nothing. So I don't think it's worth the work to make a clic&forget stuff, especially if there is already proven solutions for this filtering/notification job.

Failed attempts are logged so you can already monitor this. You'll have to modify Domoticz startup to specify a log file. On a PI set it on a tmpfs ram file-system & as this file is not logrotated & kept open by Domoticz, you'll have to set a cron job to resize it to 0 (always open => can't be erased but resize using truncate command works) every week or so. You'll then be able to monitor manually using hereupper commands.

If you are more targeted, no choice: Make rules for fail2ban (ssh have predefined rules, Domoticz will not but searching forum/wiki you may find some) to be able to monitor this log file & ban IP's.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests