#3688 - Configurable hack-attack response behaviour

Identifier #3688
Issue type Feature request or suggestion
Title Configurable hack-attack response behaviour
Status Completed
Tags

Roadmap: v11 (custom)

Type: Security (custom)

Handling member Chris Graham
Addon securitylogging
Description Composr will detect many hack-attacks, but there is scope for false positives:

1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs).

2) On rare occasion, bugs.

3) Past bugs getting stuck in search engine crawl lists, or alien websites hosting old copies of pages.

4) Malicious actors getting innocent people to call up certain URLs, in the hope of flooding the logs or getting users banned.

Additionally:

a) Bots may trigger floods of certain hack-attacks, causing lots of annoying notifications.

Currently you can disable auto-banning in the unlikely event that it becomes a problem, but that's not ideal.

Allow configuring rules that match on any combination of a hack-attack codename, a parameter 1 pattern, and a parameter 2 pattern, with each rule carrying special overrides on how to treat a matching hack-attack. Those overrides would be:

i) Don't log
ii) Do log
iii) Don't notify
iv) Do notify
v) Don't trigger bans
vi) Do trigger bans

Composr would come with a few of these overrides by default, as we currently have some of it hard-coded.
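
A sketch of how such override rules could be evaluated, added here as an illustration and not Composr's own code (Composr itself is PHP). Assumptions: patterns are regular expressions, an unset matcher matches anything, rules apply in order with later rules winning per action, and the default is log + notify + ban; the codenames and parameter meanings below are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed default treatment when no override rule matches.
DEFAULTS = {"log": True, "notify": True, "ban": True}

@dataclass
class Override:
    """One rule. A matcher left as None matches anything; an action left
    as None leaves the current decision untouched (Do / Don't / unset)."""
    codename: Optional[str] = None
    param1: Optional[str] = None   # regex for parameter 1 (assumed syntax)
    param2: Optional[str] = None   # regex for parameter 2 (assumed syntax)
    log: Optional[bool] = None
    notify: Optional[bool] = None
    ban: Optional[bool] = None

    def matches(self, codename, p1, p2):
        if self.codename is not None and self.codename != codename:
            return False
        for pattern, value in ((self.param1, p1), (self.param2, p2)):
            if pattern is not None and re.search(pattern, value or "") is None:
                return False
        return True

def decide(rules, codename, p1="", p2=""):
    """Apply every matching rule in order; later rules win per action."""
    decision = dict(DEFAULTS)
    for rule in rules:
        if rule.matches(codename, p1, p2):
            for action in DEFAULTS:
                value = getattr(rule, action)
                if value is not None:
                    decision[action] = value
    return decision

# Constructed sample rules; codenames are placeholders, not Composr's.
RULES = [
    # False positive 1): a bot passes a full URL as 'id' -> log only.
    Override(codename="EXAMPLE_BAD_PARAM", param1=r"^id$",
             param2=r"^https?://", notify=False, ban=False),
    # Case a): flood-prone attack type -> keep logging, stop notifying.
    Override(codename="EXAMPLE_NOISY", notify=False),
    # Narrower exception layered on top: notify again for one pattern.
    Override(codename="EXAMPLE_NOISY", param1=r"^admin_", notify=True),
]
```

Keeping each action tri-state is what lets a narrow rule re-enable one behaviour without restating the others, which matches the paired "Do" / "Don't" overrides listed above.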
Steps to reproduce

Funded? No