View Issue Details

ID: 0003688
Project: Composr
Category: securitylogging
View Status: public
Last Update: 2020-02-29 21:12
Reporter: Chris Graham
Assigned To: Chris Graham
Status: resolved
Resolution: fixed
Product Version:
Fixed in Version:
Summary: 0003688: Configurable hack-attack response behaviour
Description: Composr will detect many hack-attacks, but there is scope for false positives:

1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs).

2) On rare occasion, bugs.

3) Past bugs getting stuck in search engine crawl lists, or alien websites hosting old copies of pages.

4) Malicious actors triggering innocent people to call up certain URLs, in the hope of flooding the logs or getting users banned.


a) Bots may trigger floods of certain hack-attacks, causing lots of annoying notifications.

Currently you can disable auto-banning in the unlikely event that it becomes a problem, but that's not ideal.

Allow configuring any combination of a hack-attack codename, parameter 1 pattern, and a parameter 2 pattern - against special overrides on how to treat it. Those overrides would be:

i) Don't log
ii) Do log
iii) Don't notify
iv) Do notify
v) Don't trigger bans
vi) Do trigger bans

Composr would come with a few of these overrides by default, as we currently have some of it hard-coded.
Tags: Roadmap: v11, Type: Security
Time estimation (hours): 6
Sponsorship: open
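
A sketch of the matching model proposed in the description above (a hack-attack codename plus two parameter patterns, mapped to log/notify/ban overrides), added here as an example; it is not Composr's code and does not reflect the advanced_banning.xml format. The class names, the codenames, the "later rule wins" ordering and the use of anchored regular expressions are all assumptions.

```python
import re
from dataclasses import dataclass, replace
from typing import Optional, Sequence

FIELDS = ("log", "notify", "ban")

@dataclass(frozen=True)
class Response:
    log: bool = True
    notify: bool = True
    ban: bool = True

@dataclass(frozen=True)
class Override:
    codename: Optional[str] = None   # None matches any hack-attack codename
    param1: Optional[str] = None     # regex for parameter 1; None matches anything
    param2: Optional[str] = None     # regex for parameter 2; None matches anything
    log: Optional[bool] = None       # None leaves the current setting untouched
    notify: Optional[bool] = None
    ban: Optional[bool] = None

    def matches(self, codename: str, p1: str, p2: str) -> bool:
        if self.codename is not None and self.codename != codename:
            return False
        # fullmatch, not search: the pattern must cover the whole parameter, so
        # an exemption written for one benign shape does not also switch off
        # the response for longer values that merely contain it.
        return all(pat is None or re.fullmatch(pat, val) is not None
                   for pat, val in ((self.param1, p1), (self.param2, p2)))

def resolve(rules: Sequence[Override], codename: str, p1: str = "", p2: str = "",
            default: Response = Response()) -> Response:
    """Apply every matching rule in order; later rules win field by field."""
    result = default
    for rule in rules:
        if rule.matches(codename, p1, p2):
            changes = {f: getattr(rule, f) for f in FIELDS
                       if getattr(rule, f) is not None}
            result = replace(result, **changes)
    return result

# Constructed rules; the codenames are made up for this example.
RULES = [
    Override(codename="EXAMPLE_FLOOD", notify=False),
    Override(codename="EXAMPLE_BAD_ID", param1=r"https?://\S+", notify=False, ban=False),
    Override(codename="EXAMPLE_BAD_ID", param2=r"admin", notify=True, ban=True),
]
```

Keeping each override tri-state (on, off, unset) lets a narrow rule silence notifications for a noisy bot pattern while logging and banning stay at their defaults.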


Chris Graham

2020-02-29 21:12

administrator   ~0006460

Implemented a little differently, via the same advanced_banning.xml file that was added recently. Documented it all clearly.

Issue History

Date Modified Username Field Change
2018-09-27 18:00 Chris Graham New Issue
2018-09-27 18:00 Chris Graham Tag Attached: Type: Security
2018-09-27 18:01 Chris Graham Sponsorship open 0 =>
2018-09-27 18:01 Chris Graham Description Updated
2018-09-27 18:01 Chris Graham Description Updated
2018-09-27 20:25 Chris Graham Description Updated
2019-06-27 19:03 Chris Graham Tag Attached: Roadmap: v11
2020-02-29 21:12 Chris Graham Assigned To => Chris Graham
2020-02-29 21:12 Chris Graham Status non-assigned => resolved
2020-02-29 21:12 Chris Graham Resolution open => fixed
2020-02-29 21:12 Chris Graham Note Added: 0006460