[HELP]How to add more info into Brute Force Monitor log?

darkbear

I want to know how I can add more info into Brute Force Monitor's log file,
because sometimes they just log:
14896038010000 93.89.225.20 [email protected] 1 exim1 2017-03-16 02:49:14 plain authenticator failed for ([93.89.225.20]) [93.89.225.20]: 535 Incorrect authentication data ([email protected])
14896037410000 93.89.225.20 user 1 exim1 2017-03-16 02:48:26 plain authenticator failed for ([93.89.225.20]) [93.89.225.20]: 535 Incorrect authentication data (set_id=user)

How can I add, for example, what password they were trying to log in with? Because they just save the user ID only,
and I want to know whether they know that user's password or are just trying some stupid password (like password, password1, qwrty...).

Many thanks
 
Why is that interesting? I feel like it's violating privacy to see users' passwords.
The password is wrong, that's enough to tell the user. It does not matter if he has just one character wrong or is using a stupid pass. What do you want to accomplish? Tell them they used a stupid password?
If they get blocked enough in the firewall or by the BFM, they will learn at some point.

If you want to accomplish that they don't use stupid passwords, it might be better to ask for a script which checks passwords when users change them, because they can always change them back to something stupid or too easy to brute-force.
 
Because.... They are not my users..
I have no users logging in from the USA... so that means someone is trying to hack their account.
 
Brute Force Monitor takes those lines from exim's logs, dovecot's logs, apache/nginx's logs, and DirectAdmin does not know what passwords they try. So you need to configure services or use tshark. You won't see successful logins in BFM, and won't see which password worked even if you configure services to log them for you. BFM lists only failed attempts.

Check this: http://stackoverflow.com/questions/22282073/how-exim-show-password-on-log-files or official documentation for more information on how to configure exim and dovecot to log passwords.
 
Because.... They are not my users..
Just out of curiosity, what is the benefit of knowing the passwords tried in that case, since normally one just blocks these kinds of attacks?
 
Brute Force Monitor takes those lines from exim's logs, dovecot's logs, apache/nginx's logs, and DirectAdmin does not know what passwords they try. So you need to configure services or use tshark. You won't see successful logins in BFM, and won't see which password worked even if you configure services to log them for you. BFM lists only failed attempts.

Check this: http://stackoverflow.com/questions/22282073/how-exim-show-password-on-log-files or official documentation for more information on how to configure exim and dovecot to log passwords.

Thank you, and I just want to log the failed password; I don't need to log their real password.
 
They are always using a lot of IPs from different countries.
If you can see what password they were trying, you can know whether they are just trying or they know the password.
 
Check the link and configure services to log passwords. That's up to you, DirectAdmin has no switch for this.
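
Added example, not part of the thread and not DirectAdmin code: a Python sketch that reads Brute Force Monitor entries like the two quoted in the first post and reports, without logging any passwords, which logins are hit from many source IPs and which IPs cycle through many logins. The field layout is an assumption inferred from those two lines, and the sample entries, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout, inferred from the two entries quoted in the thread:
# <entry id> <source IP> <login> <count> <service> <date> <time> <service log text>
BFM_LINE = re.compile(
    r"^(?P<entry>\d+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<count>\d+)\s+"
    r"(?P<service>\S+)\s+(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<msg>.*)$"
)

FAIL = "plain authenticator failed for ([{0}]) [{0}]: 535 Incorrect authentication data (set_id={1})"

# Constructed sample entries (documentation IP ranges, made-up logins).
PAIRS = [
    ("203.0.113.5", "info"), ("198.51.100.7", "info"), ("192.0.2.9", "info"),
    ("203.0.113.77", "admin"), ("203.0.113.77", "test"), ("203.0.113.77", "sales"),
]
SAMPLE = "\n".join(
    f"1490000{i:03d}0000 {ip} {user} 1 exim1 2017-03-16 02:4{i}:00 " + FAIL.format(ip, user)
    for i, (ip, user) in enumerate(PAIRS)
) + "\ngarbage line without the expected fields\n"


def parse(text):
    """Yield one dict per well-formed entry; lines that do not match are skipped."""
    for line in text.splitlines():
        m = BFM_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def summarize(text, min_sources=3, min_targets=3):
    """Group failed attempts by login and by source IP."""
    ips_per_user = defaultdict(set)
    users_per_ip = defaultdict(set)
    for entry in parse(text):
        ips_per_user[entry["user"]].add(entry["ip"])
        users_per_ip[entry["ip"]].add(entry["user"])
    return {
        # One login failing from many addresses: distributed guessing at that account.
        "distributed": sorted(u for u, ips in ips_per_user.items() if len(ips) >= min_sources),
        # One address failing against many logins: username guessing or spraying.
        "spraying": sorted(ip for ip, us in users_per_ip.items() if len(us) >= min_targets),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```
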
 