View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0003688 | Composr | securitylogging | public | 2018-09-27 18:00 | 2020-02-29 21:12 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Severity | Feature-request | ||||
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0003688: Configurable hack-attack response behaviour | ||||
| Description | Composr will detect many hack-attacks, but there is scope for false positives: 1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs). 2) On rare occasion, bugs. 3) Past bugs getting stuck in search engine crawl lists, or alien websites hosting old copies of pages. 4) Malicious actors triggering innocent people to call up certain URLs, in the hope to flood the logs or get users banned. Additionally: a) Bots may trigger floods of certain hack-attacks, causing lots of annoying notifications. Currently you can disable auto-banning in the unlikely event that it becomes a problem, but that's not ideal. Allow configuring any combination of a hack-attack codename, parameter 1 pattern, and a parameter 2 pattern - against special overrides on how to treat it. Those overrides would be: i) Don't log ii) Do log iii) Don't notify iv) Do notify v) Don't trigger bans vi) Do trigger bans Composr would come with a few of these overrides by default, as we currently have some of it hard-coded. | ||||
| Tags | Roadmap: v11, Type: Security | ||||
| Time estimation (hours) | 6 | ||||
| Sponsorship open | |||||
|
|
Implemented a little differently, via the same advanced_banning.xml file that was added recently. Documented it all clearly. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2018-09-27 18:00 | Chris Graham | New Issue | |
| 2018-09-27 18:00 | Chris Graham | Tag Attached: Type: Security | |
| 2018-09-27 18:01 | Chris Graham | Sponsorship open | 0 => |
| 2018-09-27 18:01 | Chris Graham | Description Updated | View Revisions |
| 2018-09-27 18:01 | Chris Graham | Description Updated | View Revisions |
| 2018-09-27 20:25 | Chris Graham | Description Updated | View Revisions |
| 2019-06-27 19:03 | Chris Graham | Tag Attached: Roadmap: v11 | |
| 2020-02-29 21:12 | Chris Graham | Assigned To | => Chris Graham |
| 2020-02-29 21:12 | Chris Graham | Status | non-assigned => resolved |
| 2020-02-29 21:12 | Chris Graham | Resolution | open => fixed |
| 2020-02-29 21:12 | Chris Graham | Note Added: 0006460 |
