|
|||
|
|||
Is there an alert for failed login attempts to the Web Interface?
Two reasons for wanting this:
1. I am accustomed to the Windows Server alert, which is a good reminder about security and the many attempts that are made to "get in".
2. A customer may fail to gain rightful access and not mention it, so a potential dissatisfied-customer situation.
If such an alert is not currently available I would suggest it as future development. Regards, Sandy |
|
|||
|
|||
Hi,
Thanks for posting this. We have an active feature request to have RangerMSP Web Interface login audits; however, it's still on our list. I've added a vote on your behalf, and copied your comments to the file for review by the Product Management Team. Thanks again for the feedback. Regards, Rinat |
|
|||
|
|||
I am mostly concerned about the web interface.
As I read the latest news from big companies who have been hacked I often think of my own security. Here is an internet-facing software with almost every business client we have, with information like IPs, passwords, license keys, etc. I can't even tell if someone is trying to hack it, let alone if it has been hacked. How far up the totem pole is security when you consider what to work on next? I know security isn't sexy, but it is very ugly when it goes south. What would be the fallout if even one CommitCRM user is hacked? How safe would the rest of us feel, and how hard will it be to win back trust? Last edited by nattivillin : July 5th, 2012 at 01:14 PM. Reason: Afterthought |
|
|||
|
|||
We spend a decent amount of resources in that direction. In regards to the Web interface and securing it, we strongly recommend that you use it with SSL (in case you don't). This way your password, and the entire communication, is encrypted end to end, from the browser to the server and vice versa.
|
|
|||
|
|||
We do not disagree here. It wasn't implemented, to prevent logging from eating all your disk space (a common way to hack a system is to first put it out of space).
In any case, we do plan to support it in the future. For example, in our coming release we support a new API model, which is API over http/s. It also requires the caller to 'log in' programmatically, and based on a specific request for this we are logging failed http call attempts. |
|
|||
|
|||
You could use a program to email you the last 50 lines of a log file, like
http://cybernetnews.com/tail-command-windows/ however, I am unable to find any useful information in the CommitWebInterfaceLog file. It appears Cipher Name = success, but no IP address, username, nothing. So, one could grind away at a competitor's CommitWeb, and not worry about detection, notification or lockout?

+1 to bump this up on the "list".

Another +1 for adding basic record security. Nothing is private in the CommitCRM Fat Client to new technicians. We have to give full access to all accounts to new techs who sometimes only last a few weeks. The web interface is useful for field lookup and input, but for day-to-day help desk operations it's too limited. Please add basic record-level security for users and groups.

The web interface seems to generate plenty of "logging" to fill up disk space by itself; with useful information in it, like username and IP address, I don't see how it could be much worse?

07/23/2013 02:38 PM SSL status: "before/accept initialization"
07/23/2013 02:38 PM SSL status: "before/accept initialization"
07/23/2013 02:38 PM SSL status: "SSLv3 read client hello A"
07/23/2013 02:38 PM SSL status: "SSLv3 write server hello A"
07/23/2013 02:38 PM SSL status: "SSLv3 write change cipher spec A"
07/23/2013 02:38 PM SSL status: "SSLv3 write finished A"
07/23/2013 02:38 PM SSL status: "SSLv3 flush data"
07/23/2013 02:38 PM SSL status: "SSLv3 write certificate A"
07/23/2013 02:38 PM SSL status: "SSLv3 write server done A"
07/23/2013 02:38 PM SSL status: "SSLv3 flush data"
07/23/2013 02:38 PM SSL status: "SSLv3 read finished A"
07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
07/23/2013 02:38 PM Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 ; bits = 128; version = TLSv1/SSLv3;
07/23/2013 02:38 PM SSL status: "SSLv3 read client certificate A"
07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"

REM: Modifying file TSGrinder.Exe to CommitCRMGrinder.Exe and targeting local competitor... throttle set to 5,000 attempts per hour... loading RainbowDictonary Attack1.txt... Processing... |
|
|||
|
|||
To block your site from search spiders, create a text file robots.txt and place it in your \CommitCRM\webinterface\files directory, containing the text between the ======

===============
User-agent: *
Disallow: /
====================

More on robots.txt here: http://www.robotstxt.org/robotstxt.html |
|
|||
|
|||
Thank you Lpopejoy. I am still running V5.7, waiting with bated breath for the new release scheduled for next month. That feature is not available in 5.7. Hmm, wonder what the secret is with that file location? Any junior tech should be able to root around and find it.....
|
|
|||
|
|||
Hi Guys, I thought I would share a script I use to email the failed logon attempts to you. It will only email new attempts each time, as it logs how far it got in the registry.
I have marked the lines you need to edit clearly, so you should all be able to work it out. Copy and paste it into Notepad and save it as a .vbs. MAKE SURE you execute it with administrative privileges or it won't be able to write to the registry. Hope you enjoy:

' Emails new failed-logon lines from the CommitCRM web interface log.
' Bookmarks its position in the registry so each run only reports new lines.
' Must run with administrative privileges (it writes under HKLM).
Option Explicit

Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing"
Const cdoSendUsingPort = 2
Const cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver"
Const ForReading = 1
' One base path for every bookmark key; the read and write calls below
' must use identical key names or the script restarts from line 0 every run.
Const RegBase = "HKLM\Software\RDScripts\CheckTXTFile\"

Dim strMailTo, strMailFrom, strSMTPServer, FileToRead, arrTextToScanFor
Dim WshShell, objFSO, varFile, objTextFile
Dim intStartAtLine, strFileCreateDate, i, strResults, strNextLine, strItem
Dim strLastFileCheckedCreateDate, strLastFileLastLineChecked

'===== EDIT THESE LINES =====
'who are you mailing to?
strMailTo = "EMAILADDRESS GOES HERE"
'default email address the message will be from
strMailFrom = "EMAILFROMADDRESS GOES HERE"
'set SMTP email server address here
strSMTPServer = "MAILSERVER IP GOES HERE"
'full path to the file you wish to monitor
FileToRead = "\\SERVERNAME\<replace-with-the-path-to-the-failed-logins-log-file>"
'add more text to scan for by adding ,"item" to the array below
' for example, to search for two strings: Array("text1","text2")
arrTextToScanFor = Array("Invalid User Name or Password", "error")
'===== END OF EDITS =====

Set WshShell = WScript.CreateObject("WScript.Shell")

' Read the bookmark from the last run. The keys do not exist on the first
' run, so errors are ignored for these two reads only.
On Error Resume Next
strLastFileCheckedCreateDate = WshShell.RegRead(RegBase & "CreateDate")
strLastFileLastLineChecked = WshShell.RegRead(RegBase & "LastLineChecked")
On Error GoTo 0

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set varFile = objFSO.GetFile(FileToRead)
strFileCreateDate = varFile.DateCreated

If CStr(strFileCreateDate) = CStr(strLastFileCheckedCreateDate) Then
    ' Same file as last time: continue from where we left off.
    ' CLng, not CInt: a busy log passes 32767 lines and CInt would overflow.
    intStartAtLine = CLng(strLastFileLastLineChecked)
Else
    ' Different created date (or no bookmark yet): new file, start at the top.
    intStartAtLine = 0
End If

i = 0
strResults = ""
Set objTextFile = objFSO.OpenTextFile(FileToRead, ForReading)
Do While Not objTextFile.AtEndOfStream
    If i < intStartAtLine Then
        objTextFile.SkipLine
    Else
        strNextLine = objTextFile.ReadLine
        For Each strItem In arrTextToScanFor
            If InStr(LCase(strNextLine), LCase(strItem)) > 0 Then
                strResults = strNextLine & vbCrLf & strResults
            End If
        Next
    End If
    i = i + 1
Loop
objTextFile.Close

' Save the bookmark for the next run.
WshShell.RegWrite RegBase & "FileChecked", FileToRead, "REG_SZ"
WshShell.RegWrite RegBase & "CreateDate", strFileCreateDate, "REG_SZ"
WshShell.RegWrite RegBase & "LastLineChecked", i, "REG_SZ"
WshShell.RegWrite RegBase & "LastScanned", Now, "REG_SZ"
Set WshShell = Nothing

If strResults <> "" Then
    Call SendMail(strMailFrom, strMailTo, "CommitCRM Web Failed Logon alert", strResults)
End If

'------------------------------------------------------------------------
' SendMail - send the collected lines via CDO over SMTP
'------------------------------------------------------------------------
Function SendMail(strFrom, strTo, strSubject, strMessage)
    Dim iMsg, iConf, Flds
    '// Create the CDO connections.
    Set iMsg = CreateObject("CDO.Message")
    Set iConf = CreateObject("CDO.Configuration")
    Set Flds = iConf.Fields
    '// SMTP server configuration.
    With Flds
        .Item(cdoSendUsingMethod) = cdoSendUsingPort
        .Item(cdoSMTPServer) = strSMTPServer
        .Update
    End With
    '// Set the message properties (use the parameters, not the globals).
    With iMsg
        Set .Configuration = iConf
        .To = strTo
        .From = strFrom
        .Subject = strSubject
        .TextBody = strMessage
    End With
    '// Send the message and report a failure instead of silently swallowing it.
    On Error Resume Next
    iMsg.Send
    If Err.Number <> 0 Then
        WScript.Echo "Send failed: " & Err.Description
    End If
    On Error GoTo 0
End Function |
|
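An added example that is not from this thread and not CommitCRM/RangerMSP code: a small Python scanner that applies the same idea as the VBScript above (remember how far you got, scan only new lines, match the "Invalid User Name or Password" text) and also covers the earlier post's log extract, by flagging negotiations of weak cipher suites such as the RC4-SHA line quoted there and grouping failed logins into bursts so a grinding attack stands out. The timestamp layout and the failed-login message text are assumed from what the thread quotes; the sample log is constructed. Because the log carries no client IP or user name, the burst detection can only say that someone is hammering the login page, not who.

```python
"""Scan a CommitCRM-style web interface log for failed logins and weak TLS.

Added example (not code from the thread or from CommitCRM/RangerMSP). The
timestamp layout and the "Invalid User Name or Password" text are assumed
from what the thread quotes; the sample log below is constructed.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the format quoted in the thread; not real log data.
SAMPLE_LOG = """\
07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
07/23/2013 02:38 PM Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 ; bits = 128; version = TLSv1/SSLv3;
07/23/2013 02:39 PM Invalid User Name or Password
07/23/2013 02:39 PM Invalid User Name or Password
07/23/2013 02:39 PM Invalid User Name or Password
07/23/2013 02:40 PM Invalid User Name or Password
07/23/2013 02:40 PM Invalid User Name or Password
07/23/2013 02:55 PM Invalid User Name or Password
07/23/2013 03:10 PM Cipher: name = AES256-SHA; description = AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3;
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) (.*)$")
CIPHER_RE = re.compile(r"Cipher: name = ([^;]+);")
# Suites a practitioner would not want negotiated: RC4 (biased keystream),
# single/triple DES, NULL and EXPORT grades, MD5 MACs.
WEAK_CIPHER_RE = re.compile(r"RC4|DES|NULL|EXP|MD5")
FAILED_LOGIN = "Invalid User Name or Password"  # assumed from the thread


def parse_line(line):
    """Return (timestamp, message) or None for lines without a timestamp."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p"), m.group(2)


def new_records(text, state):
    """Parse only lines not seen on a previous run.

    Mirrors the VBScript's registry bookmark: `state` remembers how many
    lines were processed and the file's first line, so a rotated or
    truncated file restarts from the top instead of skipping its contents.
    """
    lines = text.splitlines()
    first = lines[0] if lines else ""
    start = state.get("lines_seen", 0) if state.get("first_line") == first else 0
    state["first_line"] = first
    state["lines_seen"] = len(lines)
    return [r for r in map(parse_line, lines[start:]) if r is not None]


def weak_cipher_negotiations(records):
    """(timestamp, suite) for each negotiation that used a weak suite."""
    found = []
    for ts, msg in records:
        m = CIPHER_RE.search(msg)
        if m and WEAK_CIPHER_RE.search(m.group(1)):
            found.append((ts, m.group(1).strip()))
    return found


def failed_login_bursts(records, threshold=5, window=timedelta(minutes=5)):
    """(window_start, count) for every run of >= threshold failures within
    `window`. The log has no client IP or user name, so this only says that
    someone is grinding the login page, not who."""
    times = sorted(ts for ts, msg in records if FAILED_LOGIN in msg)
    bursts = []
    i = 0
    while i < len(times):
        j = i
        while j < len(times) and times[j] - times[i] < window:
            j += 1
        if j - i >= threshold:
            bursts.append((times[i], j - i))
            i = j  # do not report the same failures twice
        else:
            i += 1
    return bursts


def scan(text, state):
    """One polling run: returns what an alert e-mail should contain."""
    records = new_records(text, state)
    return {
        "failed_logins": sum(1 for _, msg in records if FAILED_LOGIN in msg),
        "bursts": failed_login_bursts(records),
        "weak_ciphers": weak_cipher_negotiations(records),
    }


if __name__ == "__main__":
    bookmark = {}
    report = scan(SAMPLE_LOG, bookmark)
    for ts, n in report["bursts"]:
        print(f"{ts:%Y-%m-%d %H:%M}: {n} failed logins within 5 minutes")
    for ts, suite in report["weak_ciphers"]:
        print(f"{ts:%Y-%m-%d %H:%M}: weak cipher suite negotiated: {suite}")
    # A second run over the same file reports nothing new.
    print(scan(SAMPLE_LOG, bookmark))
```

Persist the `state` dict between runs (a JSON file next to the script does the job that the registry does in the VBScript) and feed `scan()` the current log contents from a scheduled task; anything in `bursts` or `weak_ciphers` is what you would mail out.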
|||
|
|||
Yes, there has been some progress. First, IIS can now be used for better and more secure SSL connections. In addition, starting with version 16 we've introduced the ability to enable 2FA with the Web interface, so hacking employee RangerMSP user credentials isn't enough. Besides, we have several other ideas here that should be added to future versions. Thanks!
|