Hi Joan, Thank you for your contribution - the proper place for the page should be under http://www.opensips.org/Resources/DocsTutorials , like http://www.opensips.org/Resources/Fail2ban...
If you want, I can help you with the migration. Thanks and regards, Bogdan Joan wrote: > Hey, I finally was able to open an account in the wiki (it's quite > strange wiki system tough). > In any case I could create this entry: > http://www.opensips.org/PmWiki/Fail2ban > > But currently is not referenced from anywhere, could someone make it > indexable from the wiki content!. > > And thanks for the people who helped with the code! > > 2010/8/30 Joan <[email protected] <mailto:[email protected]>> > > Ok, I finally got all the pieces together. I wanted to create a > new page on the wiki with the information, but I couldn't find the > place to register. > > Shall I post it here so someone with the rights can create the > page? Or can someone point me to the page so I can register to > edit the wiki. > > 2010/8/27 <[email protected] > <mailto:[email protected]>> > > Hi Joan, > > Interesting idea. There are a few edge-cases you might want to > consider: > > 1. A legitimate client will have periodic auth failure due to > expired nonce serialization (see "nonce_expire" parameter). > This is expected behavior when the nonce cached by a client is > expired (by default every 30sec). The return code -3 from > www_authorize() indicates this case, and the reply to client > has stale=1 parameter. > > 2. Similar to above, a legitimate client will have auth > failure due to nonce serialization (see "disable_nonce_check" > parameter). This also has a -3 return code; however, the > response back to the client does NOT have the stale=1 parameter. > > 3. Generally the "first" request doesn't have any credentials > at all (because client doesn't have a nonce), and probably > isn't an "attack". Someone else one else suggested searching > for "Authorization" header field to detect this. You can also > detect this via the -4 return code. > > Thus, I'm suggesting something like: > $var(auth_code) = www_authorize(...); > if ( $var(auth_code) == -1 || $var(auth_code) == -2 ) { > xlog("L_ERR","Auth error for $...@$fd from $si cause > $var(auth_code)"); > } > if ( $var(auth_code) < 0 ) { > www_challenge(...); > exit; > } > > > Also, I wonder if it is possible store the data using > db_flatstore. Is there an interface to to call db_flatstore's > insert method from script land? avpops doesn't seem to have an > avp_db_insert() method. > > Regards, > Kennard > > Inactive hide details for Joan ---08/27/2010 08:25:11 > AM---Hello, Since some time ago there are plenty of hackers > trying to stoJoan ---08/27/2010 08:25:11 AM---Hello, Since > some time ago there are plenty of hackers trying to stole > > From: Joan <[email protected] <mailto:[email protected]>> > To: OpenSIPS users mailling list <[email protected] > <mailto:[email protected]>> > Date: 08/27/2010 08:25 AM > Subject: [OpenSIPS-Users] Log authentication errors > Sent by: [email protected] > <mailto:[email protected]> > > > ------------------------------------------------------------------------ > > > > Hello, > > Since some time ago there are plenty of hackers trying to stole > accounts and bruteforcing passwords. I would like to log all the > wrong authentications so I can use fail2ban to block those ips. > I've been reading all the mailing list history and I don't see > anything related althought is quite interesting. > I've been trying something and at the moment the best I could > do is this: > > if (is_method("REGISTER")) { > # authenticate the REGISTER requests > if (!www_authorize("", "subscriber")) { > xlog("L_ERR","Auth error for $...@$fd > from $si"); > www_challenge("", "0"); > exit; > } > > > So when the device tries to register with a wrong > password/username i > will log the errors. After that I still have to do the fail2ban > script, but that's quite easy. > I'd like to know your opinion about this. > > Thanks > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > _______________________________________________ > Users mailing list > [email protected] <mailto:[email protected]> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- Bogdan-Andrei Iancu OpenSIPS Bootcamp 20 - 24 September 2010, Frankfurt, Germany www.voice-system.ro _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
