Log failed login attempts

Anything you want added or changed in future versions of ZoneMinder? Post here and there's a chance it will get in! Search to make sure it hasn't already been requested.
Post Reply
hoolahoous
Posts: 10
Joined: Wed Nov 07, 2012 3:27 am

Log failed login attempts

Post by hoolahoous »

Currently if login attempt fails then there is no log. If failed attempts are logged in some file in /var/log/zm, then it will help monitor and prevent brute force attacks.
I was planning to use fail2ban to block attacker IP addresses, however I could not. Here is a temporary solution posted by one of the forum members..

http://www.zoneminder.com/forums/viewto ... t=fail2ban

This basically adds a line

Code: Select all

 error_log( "Unable to authenticate ZM web user with username '$username' and password '$password'" );
in

Code: Select all

"function userLogin( $username, $password="", $passwordHashed=false )".
With this, the failed logins are logged in apache error log.
The better solution will be to log the details and IP address of attacker in a zoneminder error log file.
Top
Post Reply

Return to “Feature Requests”