Mautic Community Forums

Mautic Hack Attempts

Access Logs from a <1 day old Mautic installation:
https://imgur.com/a/oc8gz

This is everything that is not me logging into and using mautic.

There’s someone checking to see if I am running wordpress, what’s worrying is that after that they try and log in using the right URLs for Mautic, and so do two other IP addresses.

Is there a facility to track these attacks?

Magnus

There are a lot of site scanners out there and while WP is the post likely attack target there has been a few Mautic vulnerabilities so it is only natural scanners are going to add those urls to their tool kit. Best thing is to lock down access to Mautic login areas to fixed IPs via web server restrictions and possibly look at implementing fail2ban to block IPs. I’ve not looked at the Mautic logs to see if it logs failed logins for this to work. If not then you would need another method to block IP access.

That’s great, thanks very much.

Is there a prescribed way to lock down the login area without interfering with the general functioning of Mautic?

Also it would be nice if there were tripwires and alerts to your email when someone logged in, or something like that.

Hi, sorry for the delay I’m not often in here any more. Locking down requires knowing how to deal with Apache access rules such as blocking (or allowing) the various url paths like /s/ and other ones. Ideally you would allow everything other than the login areas and for those only allow access to specific IPs to stop anyone getting in. Same can be said to other platforms such as Wordpress.

As far as emails and alerts, that is a whole other set of problems like scanning web logs for example. As far as I know there are no off the shelf solutions for this. I’ve done my own thing for this and its unlikely how mine works is how anyone else would want it to work so no chance it will be of use.

Its not a fool proof process, running servers that are exposed to the public Internet is a difficult thing at times. So many threats and that requires some expertise or finding someone with it who can help.

Interesting projects those. The use of fail2ban though is a good move. Certainly one of the most effective defence tools out there.

If you have root access to your server - this is an excellent security package, have been using it for years and love it

*It’s an affiliate link http://atomicorp.com/amember/aff/go/IMspintheweb