A question about logs (Website/App)

[Joveice]

Hello, I have a question about logging. etc I log when a user failed to login or is successful. this gets logged in a log file.

But I wanted to add the ability see this in my admin dashboard, so etc I search up John, and I can see that he failed to login 4 times the last 10 minutes. I also want to stop users from logging in even tho if it's successful if it's a different place than where they normally login from (Like facebook which blocks you if you login from another country, then you need to confirm from your email to login).

 

For this I where thinking to add the logs to the db, should you do this? or is this a nono? (Space, Security etc).

[myselfolli]

Why wouldn't you? If your database isn't secure then you have bigger problems to worry about, plus you can encrypt the logs if you want.

 

And you'll be storing the logs anyways, so why does it matter if you store them in a database rather than a file?

[Joveice]

1 hour ago, myselfolli said:

Why wouldn't you? If your database isn't secure then you have bigger problems to worry about, plus you can encrypt the logs if you want.

 

And you'll be storing the logs anyways, so why does it matter if you store them in a database rather than a file?

I only asked as I wasn't sure, everything I have ever used always logs to files instead of the DB  Thank you for your view on this!

[jde3]

Not sure what your working with here, it sounds quite custom but there are ways to do this on the firewall level with PF.

 

PF can take and IP in text output (or netblocks in CIDR) so if you can output the offending IP to a table, PF can then pickup and apply rules based on that. So you can apply a block on the network level and skip all of the custom app logging etc work.

 

There is also blacklistd.. I am not sure if apache or nginx have been patched to work with this yet or not however. httpd in openbsd might also have something..

 

In the mean time a textual list might be a slick approach but you'll need PF on your host and fancy script work.

[Joveice]

4 minutes ago, jde3 said:

Not sure what your working with here, it sounds quite custom but there are ways to do this on the firewall level with PF.

 

PF can read text ip address (or netblocks in CIDR) so if you can output the offending IP to a list, PF can then pickup and apply rules based on that. So you can apply a block on the network level and skip all of the custom app logging etc work.

 

There is also blacklistd.. I am not sure if apache or nginx have been patched to work with this yet or not however. httpd in openbsd might also have something..

 

In the mean time a textual list might be a slick approach but you'll need PF on your host and fancy script work.

Not what I want. I simply want to restrict access to a account if they login from another place / failed login attempts. With this I can tell "John" from USA that he needs to verify that he logged in from China before he is allowed in. If he didn't do that he will know that someone guessed his password and hopefully "John" is smart enough to change his password.