I try to run fail2ban to protect my Matrix from bruteforce login. I already found some "failregex" but they don't work... What I found:
failregex = ^.+ - INFO - POST-.- - 8008 - Received request: POST /_matrix/client/r0/login?+.+ - INFO - POST-.- Got login request with identifier: {u'type': u'm.id.user', u'user': u'(.+?)'}, medium: None, address: None, user: u'.'+.+WARNING - - (Attempted to login as @. but they do not exist|Failed password login for user @.*)$
failregex = .*synapse.*8008.*\n.*synapse.*8008.*None - <HOST> - 8008.*403.*
failregex = .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Attempted to login as.*
            .*::ffff:<HOST> - 8448 - Received request: POST.*\n.*Got login request.*\n.*Failed password login.*

What Matrix sends to the logs (myUseR = the user who tries to log in, my.ip.add.res = IP):

2021-10-03 01:12:02,895 - synapse.rest.client.login - 264 - INFO - POST-192 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:12:03,084 - synapse.handlers.auth - 1314 - WARNING - POST-192 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:12:03,085 - synapse.http.server - 88 - INFO - POST-192 - <XForwardedForRequest at 0x14a1602767f0 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:12:03,085 - synapse.access.http.8008 - 410 - INFO - POST-192 - my.ip.add.res - 8008 - {None} Processed request: 0.191sec/-0.000sec (0.188sec, 0.000sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:12:03,199 - synapse.rest.client.login - 264 - INFO - POST-193 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:12:03,390 - synapse.handlers.auth - 1314 - WARNING - POST-193 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:12:03,391 - synapse.http.server - 88 - INFO - POST-193 - <XForwardedForRequest at 0x14a160970710 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:12:03,391 - synapse.access.http.8008 - 410 - INFO - POST-193 - my.ip.add.res - 8008 - {None} Processed request: 0.192sec/-0.000sec (0.190sec, 0.000sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:12:03,521 - synapse.rest.client.login - 264 - INFO - POST-194 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:12:03,551 - synapse.metrics - 598 - INFO - sentinel - Collecting gc 1
2021-10-03 01:12:03,714 - synapse.handlers.auth - 1314 - WARNING - POST-194 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:12:03,715 - synapse.http.server - 88 - INFO - POST-194 - <XForwardedForRequest at 0x14a160a1c390 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:12:03,715 - synapse.access.http.8008 - 410 - INFO - POST-194 - my.ip.add.res - 8008 - {None} Processed request: 0.195sec/-0.000sec (0.191sec, 0.001sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:12:03,832 - synapse.rest.client.login - 264 - INFO - POST-195 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:12:04,024 - synapse.handlers.auth - 1314 - WARNING - POST-195 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:12:04,025 - synapse.http.server - 88 - INFO - POST-195 - <XForwardedForRequest at 0x14a160aef358 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:12:04,025 - synapse.access.http.8008 - 410 - INFO - POST-195 - my.ip.add.res - 8008 - {None} Processed request: 0.193sec/-0.000sec (0.190sec, 0.001sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:12:04,184 - synapse.rest.client.login - 264 - INFO - POST-196 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:12:04,374 - synapse.handlers.auth - 1314 - WARNING - POST-196 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:12:04,375 - synapse.http.server - 88 - INFO - POST-196 - <XForwardedForRequest at 0x14a160279550 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:12:04,375 - synapse.access.http.8008 - 410 - INFO - POST-196 - my.ip.add.res - 8008 - {None} Processed request: 0.192sec/-0.000sec (0.189sec, 0.000sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:13:01,940 - synapse.rest.client.login - 264 - INFO - POST-198 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:13:02,142 - synapse.handlers.auth - 1314 - WARNING - POST-198 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:13:02,143 - synapse.http.server - 88 - INFO - POST-198 - <XForwardedForRequest at 0x14a160a3c748 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:13:02,143 - synapse.access.http.8008 - 410 - INFO - POST-198 - my.ip.add.res - 8008 - {None} Processed request: 0.203sec/-0.000sec (0.200sec, 0.000sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]
2021-10-03 01:13:02,832 - synapse.rest.client.login - 264 - INFO - POST-199 - Got login request with identifier: {'type': 'm.id.user', 'user': 'myUseR'}, medium: None, address: None, user: None
2021-10-03 01:13:03,028 - synapse.handlers.auth - 1314 - WARNING - POST-199 - Failed password login for user @myUseR:matrix.mydomain.com
2021-10-03 01:13:03,029 - synapse.http.server - 88 - INFO - POST-199 - <XForwardedForRequest at 0x14a16027d780 method='POST' uri='/_matrix/client/r0/login' clientproto='HTTP/1.1' site='8008'> SynapseError: 403 - Invalid password
2021-10-03 01:13:03,029 - synapse.access.http.8008 - 410 - INFO - POST-199 - my.ip.add.res - 8008 - {None} Processed request: 0.197sec/-0.000sec (0.194sec, 0.000sec) (0.000sec/0.000sec/1) 52B 403 "POST /_matrix/client/r0/login HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" [0 dbevts]

TIA!
Answered by
sebres
Oct 19, 2021
Answer selected by
b0n3v
The log-excerpt seems not to have the IP address or host name of evildoer, have it? What do you want to capture with the <HOST> tag? If I'm wrong, please show me the line and the address in your log-excerpt.
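
As an added example (not part of the original discussion and not fail2ban's or Synapse's own code), the script below tests a hypothetical single-line pattern against constructed lines in the excerpt's layout, targeting the `synapse.access.http` line, the only line type in the excerpt that carries the `my.ip.add.res` field. `HOST` is a simplified stand-in for fail2ban's `<HOST>` tag, and the addresses, `FAILREGEX`, `access` and `failed_logins` are assumptions of this example.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IP literals only).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)"

# Hypothetical single-line pattern for the access line of a rejected login.
# [^"]* stops at the first quote, so only the status code logged before the
# request string counts; the client-supplied User-Agent is never consulted.
FAILREGEX = (
    r" - synapse\.access\.http\.\d+ - \d+ - INFO - POST-\d+ - <HOST> - \d+ - "
    r'\{[^}]*\} Processed request: [^"]* 403 "POST /_matrix/client/[^/ ]+/login[ ?]'
)

def access(req_id, addr, status, request, agent="Mozilla/5.0"):
    """Build one constructed synapse.access.http line in the excerpt's layout."""
    return (f"2021-10-03 01:12:03,085 - synapse.access.http.8008 - 410 - INFO - "
            f"POST-{req_id} - {addr} - 8008 - {{None}} Processed request: "
            f"0.191sec/-0.000sec (0.188sec, 0.000sec) (0.000sec/0.000sec/1) "
            f'52B {status} "{request} HTTP/1.1" "{agent}" [0 dbevts]')

LOGIN = "POST /_matrix/client/r0/login"
# Constructed sample; addresses come from the documentation ranges.
SAMPLE = [
    # The WARNING line names the user but has no address field to capture.
    "2021-10-03 01:12:03,084 - synapse.handlers.auth - 1314 - WARNING - POST-192 - "
    "Failed password login for user @myUseR:matrix.mydomain.com",
    access(192, "203.0.113.7", 403, LOGIN),
    access(193, "203.0.113.7", 403, LOGIN),
    access(194, "2001:db8::15", 403, LOGIN),
    access(195, "198.51.100.9", 200, LOGIN),  # successful login
    access(196, "198.51.100.9", 403, "POST /_matrix/client/r0/createRoom"),
    # Login-failure text placed in the User-Agent must not count as a hit.
    access(197, "198.51.100.9", 200, "POST /_matrix/client/r0/logout",
           agent=' 403 "POST /_matrix/client/r0/login '),
]

def failed_logins(lines):
    """Count rejected logins per address, the way a failregex hit would."""
    pattern = re.compile(FAILREGEX.replace("<HOST>", HOST))
    hits = Counter()
    for line in lines:
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return dict(hits)

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
```

The `XForwardedForRequest` entries in the excerpt indicate Synapse is running behind a reverse proxy, so the address in the access line is whatever that proxy passes in `X-Forwarded-For`.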