View Issue Details

ID: 0003688
Project: Composr
Category: securitylogging
View Status: public
Last Update: 2019-06-27 19:03
Reporter: Chris Graham
Assigned To:
Severity: feature
Status: non-assigned
Resolution: open
Product Version:
Fixed in Version:
Summary: 0003688: Configurable hack-attack response behaviour
Description: Composr will detect many hack-attacks, but there is scope for false positives:

1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs).

2) On rare occasion, bugs.

3) Past bugs getting stuck in search engine crawl lists, or alien websites hosting old copies of pages.

4) Malicious actors triggering innocent people to call up certain URLs, in the hope of flooding the logs or getting users banned.

Additionally:

a) Bots may trigger floods of certain hack-attacks, causing lots of annoying notifications.

Currently you can disable auto-banning in the unlikely event that it becomes a problem, but that's not ideal.

Allow configuring any combination of a hack-attack codename, parameter 1 pattern, and a parameter 2 pattern - against special overrides on how to treat it. Those overrides would be:

i) Don't log
ii) Do log
iii) Don't notify
iv) Do notify
v) Don't trigger bans
vi) Do trigger bans

Composr would come with a few of these overrides by default, as we currently have some of it hard-coded.
Tags: Roadmap: v11, Type: Security
Time estimation (hours): 6
Sponsorship open
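
One way the override matching proposed in the description could work, as an added example that is not part of the original issue and is not Composr code. The codenames, the "do everything" defaults, and the rule that later matching overrides win are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed built-in behaviour when no override matches: log, notify and ban.
DEFAULTS = {"log": True, "notify": True, "ban": True}

@dataclass
class Override:
    codename: Optional[str] = None  # None matches any hack-attack codename
    param1: Optional[str] = None    # regex for parameter 1; None matches anything
    param2: Optional[str] = None    # regex for parameter 2; None matches anything
    log: Optional[bool] = None      # True = "Do", False = "Don't", None = leave as is
    notify: Optional[bool] = None
    ban: Optional[bool] = None

    def matches(self, codename, p1, p2):
        if self.codename is not None and self.codename != codename:
            return False
        for pattern, value in ((self.param1, p1), (self.param2, p2)):
            # fullmatch, not search: a pattern must describe the whole value, so a
            # suppression rule cannot be satisfied by a substring of a larger payload.
            if pattern is not None and not re.fullmatch(pattern, value or ""):
                return False
        return True

def resolve(overrides, codename, p1="", p2=""):
    """Return the effective log/notify/ban decision for one detected event."""
    result = dict(DEFAULTS)
    for rule in overrides:  # applied in order, so later matching rules win
        if rule.matches(codename, p1, p2):
            for action in DEFAULTS:
                setting = getattr(rule, action)
                if setting is not None:
                    result[action] = setting
    return result

# Constructed rules; the codenames are placeholders, not Composr's real ones.
RULES = [
    # False positive 1): bots appending a full URL as the 'id' parameter.
    Override(codename="EXAMPLE_URL_HACK", param1=r"id", param2=r"https?://.*",
             notify=False, ban=False),
    # Flood case a): keep logging a noisy alert but stop the notifications.
    Override(codename="EXAMPLE_NOISY_HACK", notify=False),
    # Narrower rule listed later: notify again for one parameter family.
    Override(codename="EXAMPLE_NOISY_HACK", param1=r"admin.*", notify=True),
]
```

Anything that matches no rule falls through to the defaults, so a typo in an override leaves the stricter behaviour in place.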

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-09-27 18:00 Chris Graham New Issue
2018-09-27 18:00 Chris Graham Tag Attached: Type: Security
2018-09-27 18:01 Chris Graham Sponsorship open 0 =>
2018-09-27 18:01 Chris Graham Description Updated
2018-09-27 18:01 Chris Graham Description Updated
2018-09-27 20:25 Chris Graham Description Updated
2019-06-27 19:03 Chris Graham Tag Attached: Roadmap: v11