Alert for Failed Login

    Alert for Failed Login

    Is there an alert for failed login attempts to Web Interface?

    Two reasons for wanting this:-

    1. I am accustomed to the Windows Server alert which is a good reminder about security and the many attempts that are made to "get in"
    2. A customer may fail to gain rightful access and not mention it so a potential dissatisfied customer situation.

    If such an alert is not currently available I would suggest it as future development.

    Regards

    Sandy

    Re: Alert for Failed Login

    Hi,

    Thanks for posting this.
    We have an active feature request to have RangerMSP Web Interface login audits; however, it's still on our list. I've added a vote on your behalf, and copied your comments to the file for review by the Product Management Team. Thanks for the feedback.

    Thanks again for the feedback.

    Regards,
    Rinat


      Re: Alert for Failed Login

      Are logins "logged" anywhere?


        Re: Alert for Failed Login

        Hi Luke,

        In some cases we can pull information about Web logins. Should it be required please contact us by email to discuss the available options.

        Regards,
        Rinat


          Re: Alert for Failed Login

          Any traction on this?


            Re: Alert for Failed Login

            We have it filed. At this stage we do not have any related news to share.


              Re: Alert for Failed Login

              I am mostly concerned about the web interface.

              As I read the latest news from big companies who have been hacked I often think of my own security. Here is an internet-facing software with almost every business client we have with information like IP, passwords, license keys, etc.

              I can't even tell if someone is trying to hack it, let alone if it has been hacked.

              How far up the totem pole is security when you [commit] consider what to work on next? I know security isn't sexy, but it is very ugly when it goes south.

              What would be the fallout if even one CommitCRM user is hacked? How safe would the rest of us feel, and how hard will it be to win back trust?
              Last edited by nattivillin; July 5, 2012, 01:14 PM. Reason: Afterthought


                Re: Alert for Failed Login

                We spend a decent amount of resources in that direction. In regards to the Web interface and securing it - we strongly recommend that you use it with SSL (in case you don't). This way your password, and the entire communication, is encrypted end to end - from the browser to the server and vice versa.


                  Re: Alert for Failed Login

                  Still doesn't tell us if someone is trying to break in. A cheap $25 router logs bad login attempts. Even Windows 95 would tell you if you knew where to look.

                  I can't believe something as sophisticated as CommitCRM doesn't.


                    Re: Alert for Failed Login

                    We do not disagree here. It wasn't implemented to prevent logging eating all your disk space (a common way to hack a system is to first put it out of space).
                    In any case, we do plan to support it in the future.
                    For example, in our coming release we support a new API model which is API over http/s. It also requires the caller to 'log in' programmatically and based on a specific request for this we are logging failed http call attempts.


                      Re: Alert for Failed Login

                      You could use a program to email you the last 50 lines of a log file, like http://cybernetnews.com/tail-command-windows/; however, I am unable to find any useful information in the CommitWebInterfaceLog file. It appears Cipher Name = success, but no IP address, username, nothing.

                      So, one could grind away at a competitor's CommitWeb, and not worry about detection, notification or lockout? +1 to bump this up on the "list"

                      Another +1 for adding basic record security. Nothing is private in CommitCRM Fat Client to new technicians. We have to give full access to all accounts to new techs who sometimes only last a few weeks. The web interface is useful for field lookup and input, but for day to day help desk operations, it's too limited. Please add basic record level security for users and groups.

                      The web interface seems to generate plenty of "logging" to fill up disk space by itself, with useful information in it, like username and IP address, I don't see how it could be much worse?

                      07/23/2013 02:38 PM SSL status: "before/accept initialization"
                      07/23/2013 02:38 PM SSL status: "before/accept initialization"
                      07/23/2013 02:38 PM SSL status: "SSLv3 read client hello A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 write server hello A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 write change cipher spec A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 write finished A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 flush data"
                      07/23/2013 02:38 PM SSL status: "SSLv3 write certificate A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 write server done A"
                      07/23/2013 02:38 PM SSL status: "SSLv3 flush data"
                      07/23/2013 02:38 PM SSL status: "SSLv3 read finished A"
                      07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
                      07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
                      07/23/2013 02:38 PM Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
                      ; bits = 128; version = TLSv1/SSLv3;
                      07/23/2013 02:38 PM SSL status: "SSLv3 read client certificate A"
                      07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"

                      REM: Modifying file TSGrinder.Exe to CommitCRMGrinder.Exe and targeting local competitor......throttle set to 5,000 attempts per hour.........loading RainbowDictonary Attack1.txt... Processing.......

                      Comment
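Added example (not part of the original post and not RangerMSP/CommitCRM code): since the log excerpt above carries no IP address or username, about all a defender can pull from it is the rate of incoming TLS handshakes per minute and the cipher each one negotiated. This sketch parses lines in the format quoted in the post; the sample data is constructed, and the per-minute limit and the banned-cipher list are assumptions to tune for your own server.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the log excerpt quoted in the post.
SAMPLE_LOG = '''\
07/23/2013 02:38 PM SSL status: "SSLv3 read client hello A"
07/23/2013 02:38 PM SSL status: "SSL negotiation finished successfully"
07/23/2013 02:38 PM Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
; bits = 128; version = TLSv1/SSLv3;
07/23/2013 02:39 PM SSL status: "SSLv3 read client hello A"
07/23/2013 02:39 PM SSL status: "SSLv3 read client hello A"
07/23/2013 02:39 PM SSL status: "SSLv3 read client hello A"
07/23/2013 02:39 PM Cipher: name = AES256-SHA; description = AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
'''

# Timestamp (minute resolution only), record kind, then the rest of the line.
LINE_RE = re.compile(r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M) (SSL status|Cipher): (.*)$')

def parse_log(text):
    """Return (timestamp, kind, detail) records; undated lines continue the previous record."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), '%m/%d/%Y %I:%M %p')
            records.append([ts, m.group(2), m.group(3).strip('"')])
        elif records and line.strip():
            records[-1][2] += ' ' + line.strip()  # wrapped "; bits = ..." line
    return [tuple(r) for r in records]

def hello_spikes(records, per_minute_limit=2):
    """Minutes whose count of client hellos (one per connection attempt) exceeds the limit."""
    counts = Counter(ts for ts, kind, detail in records
                     if kind == 'SSL status' and 'read client hello' in detail)
    return {ts: n for ts, n in counts.items() if n > per_minute_limit}

def weak_ciphers(records, banned=('RC4', 'DES', 'NULL', 'EXP')):
    """Negotiated cipher names that contain a banned algorithm token (assumed list)."""
    found = set()
    for ts, kind, detail in records:
        m = re.match(r'name = ([^;]+);', detail) if kind == 'Cipher' else None
        if m and any(tok in m.group(1).upper().split('-') for tok in banned):
            found.add(m.group(1))
    return sorted(found)
```

A handshake spike only shows connection volume, not failed logins, so it complements rather than replaces the login audit requested in this thread.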


                        Re: Alert for Failed Login

                        In the meanwhile, you may want to exclude your CommitCRM server from Google spider searches with a robot.txt. A recent search for /files/cmtcustlogin.html turned up many listings.....WAY too many listings for IT companies that should be concerned with security.


                          Re: Alert for Failed Login

                          To block your site from search spiders, create a text file robots.txt and place in your \CommitCRM\webinterface\files directory containing the text between the ======
                          ===============
                          User-agent: *
                          Disallow: /
                          ====================
                          More on robots.txt here: http://www.robotstxt.org/robotstxt.html


                            Re: Alert for Failed Login

                            Check <removed* >. I think that's what you are looking for.

                            --

                            * Edited By Support Team:
                            Thanks! However, reference was removed for security reasons.


                              Re: Alert for Failed Login

                              Thank you Lpopejoy, I am still running V5.7, waiting with bated breath for the new release scheduled for next month. That feature is not available in 5.7. Hmm, wonder what the secret is with that file location? Any junior tech should be able to root around and find it.....
