I've asked this before, and it seems like there is a way, but I forget what it is: is there a way to monitor failed logins (i.e. hack attempts) on the web server?
Announcement
Collapse
No announcement yet.
Webserver, failed logins
Collapse
X
-
lpopejoy
- 942
Webserver, failed logins
-
Support Team
- 7532
Re: Webserver, failed logins
Yes, there is. Please send us an email to get the details.
-
BDTECHRob
- 124
Re: Webserver, failed logins
@ CommitCRM support does this notify in the former of an email? Or does this method rely on me manually checking the log for failures?
Comment
-
Support Team
- 7532
Re: Webserver, failed logins
It tracks failed logins and some other related information. It does not email you on each failed alert. We will be happy to provide you with more details on how to check this by email.
Comment
-
BDTECHRob
- 124
Re: Webserver, failed logins
if anyone is interested i have written a VB Script to monitor the log file and email you when failures occur
Comment
-
lpopejoy
- 942
Re: Webserver, failed logins
Lol, I'll sign up! Was going to use my RMM tool, but your plan will work too.
Comment
-
BDTECHRob
- 124
Re: Webserver, failed logins
The below script can be used to monitor any text based log file for pre determined text strings, it will only send you new events as it detects them and not send the entire history every time. just copy and paste to a text file and save with a .vbs extension then schedule a task to run every 5 minutes and you will know about invalid log on attempts as they happen.
Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing", _
cdoSendUsingPort = 2, _
cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver"
Const ForReading = 1
Dim intStartAtLine, strFileCreateddate, i, strResults, strTextToScanFor
'who are you mailing to?
strMailto = "recipient@domain.com.au"
'default email address the message will be from
strMailFrom = "monitor@domain.com.au"
'set SMTP email server address here
strSMTPServer = "0.0.0.0"
'full path to the file you wish to monitor
FileToRead = "\\full\path\to\logfile.TXT"
Set WshShell = WScript.CreateObject("WScript.Shell")
On Error Resume Next
strLastFileCheckedCreateDate = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\CreateDate")
strLastFileLastLineChecked = WshShell.RegRead("HKLM\Software\RDScripts\CheckTXT File\LastLineChecked")
On Error GoTo 0
Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set varFile = objFSO.GetFile(FileToRead)
'add more text to scan for by adding ,"item" to the array below
' for example, to search for two strings:
' array("text1","text2")
arrTextToScanFor = Array("Invalid User Name or Password","error")
strFileCreateDate = varfile.datecreated
If CStr(strFileCreateDate) = CStr(strLastFileCheckedCreateDate) Then
'if the date when the current file was created DOES equal
' the date of the file that was checked last time - it's
' the same file.
'
'so, we would want to CONTINUE the search from where we
' last left off.
'MsgBox "TEST!"
intStartAtLine = strLastFileLastLineChecked
ElseIf strFileCreateDate <> strLastFileCheckedCreateDate Then
'if the date when the current file was created does not equal
' the date of the file that was checked last time - it's
' a new file that has been created.
'
'so, we would want to begin the search from the beginning of
' the file.
intStartAtLine = 0
End If
i = 0
Dim strNextLine
'MsgBox intStartAtLine
Set objTextFile = objFSO.OpenTextFile(FileToRead, ForReading)
Do While objTextFile.AtEndOfStream <> True
If i < CInt(intStartAtLine) Then
objTextFile.skipline
Else
'MsgBox i
strNextLine = objTextFile.Readline
For each strItem in arrTextToScanFor
If InStr(LCase(strNextLine),LCase(strItem)) Then
strResults = strNextLine & vbcrlf & strResults
'MsgBox strResults
End If
Next
End If
i = i + 1
Loop
'MsgBox strResults
objTextFile.close
set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\FileChecked" , FileToRead, "REG_SZ"
WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\CreateDa te", strFileCreateDate, "REG_SZ"
WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastLineChec ked", i, "REG_SZ"
WshShell.RegWrite "HKLM\Software\RDScripts\CheckTXTFile\LastScanned" , Now, "REG_SZ"
set WshShell = nothing
'Insert email subject line below
If strResults <> "" Then Call sendmail(strMailFrom,strMailTo,"Email Subject",strResults)
'------------------------------------------------------------------------
'Function EmailFile - email the warning file
'------------------------------------------------------------------------
Function SendMail(strFrom,strTo,strSubject,strMessage)
Dim iMsg, iConf, Flds
On Error GoTo 0
'// Create the CDO connections.
Set iMsg = CreateObject("CDO.Message")
Set iConf = CreateObject("CDO.Configuration")
Set Flds = iConf.Fields
'// SMTP server configuration.
With Flds
.Item(cdoSendUsingMethod) = cdoSendUsingPort
'// Set the SMTP server address here.
.Item(cdoSMTPServer) = strSMTPServer
.Update
End With
'// Set the message properties.
With iMsg
Set .Configuration = iConf
.To = strMailTo
.From = strMailFrom
.Subject = strSubject
.TextBody = strMessage
End With
'iMsg.HTMLBody = strMessage
'// Send the message.
iMsg.Send ' send the message.
If CStr(err.number) <> 0 Then
Else
End If
End Function
Comment
Comment