rejetto forum

see bad pass/username

Lebjo · 33 · 17248

0 Members and 2 Guests are viewing this topic.

Offline Lebjo

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
Hi
I need some info.....

Eg;
Somebody whant access to my 'locked' folder.. if he insert a bad pass/username.... can i see what he inserted? (pass/user) (log .....?? )


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
HFS will show the info only if the username is correct (but wrong password).
if you need more, we must go with scripting. let me know.


Offline Lebjo

  • Occasional poster
  • *
    • Posts: 15
    • View Profile
Yes, i need more info in log, what password and name he typing..
egsample
I have created 1 user named "JUSTTEST"

Somebody what to login and typing: user - "TOM", pass - "123"

and.. in log i want see
"""01:33:05 123 TOM@127.0.0.1:2517 Login failed""" - Bad password/username
« Last Edit: March 09, 2009, 11:34:14 PM by Lebjo »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
it cannot be done with current version, sorry.

but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).

[unauthorized]
{.add to log|Bad login: %user% / %password%.}


Offline Lebjo

  • Occasional poster
  • *
    • Posts: 15
    • View Profile

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile

Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile

but next 2.3 beta build #229 will let you put this in the event script file (ALT+F6).

[unauthorized]
{.add to log|Bad login: %user% / %password%.}
Works in regular log, but not apache format.  :(
« Last Edit: March 11, 2009, 05:58:55 AM by r][m »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
apache logs contains only requests.
the "add to log" is a free form of logging, and i guess it should not be included in apache format.
because i guess people using the apache format uses log analyzers. i don't know how they would behave in such situation.
i see 2 paths
- we discuss and see why such "free form" should fit the apache format.
- you don't use "add to log" but "append", and write directly to the apache format what you want.

You added %z to apache log format. I used it
Quote
%h %l %u %t "%r" %>s %b "%{Referer}i %z" "%{User-Agent}i"
inside referer section. It produces result as screenshot attached. It could have been added to Request
section. Can't say what the result would be, of adding something else. But bad password would be nice
to have. Screen shot is of Analog 6.0 and at least lists the ~upload thats made.
When I can find some time I'll try append to see if it might be used some way, but I doubt it. Analog has a pretty narrow focus.
There is a better way, but we've been through that before :(


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
i was partially wrong.
yes, "apache logs contains only requests", but a bad password is actually a request (rejected).
so, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?



Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
iso, my question now is: this "bad" request should already be logged in apache-format when the "only served requests" is disabled.
if you confirm this, i guess the only thing you miss is the "password" information.
am i right?
Only served requests is disabled.
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given. Event scripts don't show with apache format.
I fear apache format is becomming inadequate as HFS evolves.
I'm working on the event scripts and "add to log" (regular log).
I think this may be a better direction, and is showing promise, but I may need help eventually.
It will be some hours before I'll know whats possible.
Is there any hope that you might make a small (but badly needed) change to the regular log?


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
Bad login is only refered to as 401, or as "failure" in various report sections in Analog.
No reason given.

a 401 with a username is a "bad password".
what are you missing?

Quote
Is there any hope that you might make a small (but badly needed) change to the regular log?

how can i answer without knowing what you are talking about :)


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
r][m said
Quote
Event scripts don't show with apache format
Actually I was partially wrong, if you login by clicking on a protected
folder event scripts show in the HFS log window. If you use /~login
they do not.
Rejetto said
Quote
how can i answer without knowing what you are talking about
It might not be needed if I can use special events to make a special log work like...
Code: [Select]
[unauthorized]
{.unauthorized|{.append|/Server/Admin/log_file/New-Log.txt|Bad login:%date%-%time%-%user%-%password%.}
and it does work, but it appends the text in notepad like...
One line of textOne line of textOne line of text
Instead of...
One line of text
One line of text
Google finds lots of info on this, but I haven't been able to make anything work. Without proper
display, its useless.
Any idea on how to fix this?


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2042
    • View Profile
The solution which is possible is to use \t and \n, they will be converted in tabulation and return to the line

Quote
  procedure save();
  begin result:=if_(saveFile(uri2diskMaybeFolder(p), xtpl(pars[1], ['\\','\|','\t',#09,'\n',CRLF,'\|','\']), name='append'), ' ') end;   // mars

\\t and \\n are converted to \t and \n ( no TAB and no CRLF )

the other way is using two macro {.crlf.} {.tab.} to obtain the same result.

Quote
    if name = 'crlf' then
      result:=CRLF;

    if name = 'tab' then
      result:=#09;

To convert any text in the same way, it is advisable to use the macro {.replace|... .} under this shape:
{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}


An example using both methods with hfs.events
Quote
[request]
{.append|hfs.test.log|user1: {.tab.} %user%1 {.crlf.}.}
{.append|hfs.test.log|user2: \t %user%2 \n.}
{.append|hfs.test.log|user3: \\t %user%3 \\n.}
{.append|hfs.test.log|\n next request \n.}
{.append|hfs.test.log|{.replace|\\|<//>|\t|{.tab.}|\n|{.crlf.}|<//>|\| your text\t is converted\n correctly.}
.}
hfs.test.log contain:
user1:     admin1
user2:     admin2
user3: \t admin3 \n
next request
your text    is converted
 correctly


For that to ask furthermore? ;)


 


Offline r][m

  • Tireless poster
  • ****
    • Posts: 347
    • View Profile
Mars
Many thanks for posting the codes. Since I'm not a programer,
my solution may not be technically correct, but it works  :)
This in event scripts produces a special log
Code: [Select]
[unauthorized]
\n{.unauthorized|{.append|/A Location You Choose/Spl-Log.txt|
Bad_Login: %date% %time% %ip% {.if|%user%|%user%|0.} %password%.}\n

[upload completed]
\n{.Upload completed|{.append|/A Location You Choose/Spl-Log.txt|
Upload_Completed: %date% %time% %ip% %user% %item-name%.}\n

[download completed]
\n{.download completed|{.append|/A Location You Choose/Spl-Log.txt|
Download_Completed: %date% %time% %ip% %user% %item-name%.}\n
This makes the more important server data easy to analyze.