Mautic Hack Attempts

Access Logs from a <1 day old Mautic installation:
https://imgur.com/a/oc8gz

This is everything that is not me logging into and using Mautic.

There’s someone checking to see if I am running WordPress. What’s worrying is that after that they try to log in using the right URLs for Mautic, and so do two other IP addresses.

Is there a facility to track these attacks?

Magnus

There are a lot of site scanners out there, and while WP is the most likely attack target, there have been a few Mautic vulnerabilities, so it is only natural scanners are going to add those URLs to their tool kit. Best thing is to lock down access to Mautic login areas to fixed IPs via web server restrictions and possibly look at implementing fail2ban to block IPs. I’ve not looked at the Mautic logs to see if it logs failed logins for this to work. If not, then you would need another method to block IP access.

That’s great, thanks very much.

Is there a prescribed way to lock down the login area without interfering with the general functioning of Mautic?

Also it would be nice if there were tripwires and alerts to your email when someone logged in, or something like that.

Hi, sorry for the delay, I’m not often in here any more. Locking down requires knowing how to deal with Apache access rules such as blocking (or allowing) the various URL paths like /s/ and other ones. Ideally you would allow everything other than the login areas, and for those only allow access to specific IPs to stop anyone getting in. The same can be said of other platforms such as WordPress.

As far as emails and alerts go, that is a whole other set of problems, like scanning web logs for example. As far as I know there are no off-the-shelf solutions for this. I’ve done my own thing for this and it’s unlikely that how mine works is how anyone else would want it to work, so no chance it will be of use.

It’s not a foolproof process; running servers that are exposed to the public Internet is a difficult thing at times. So many threats, and that requires some expertise or finding someone with it who can help.
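
A small access-log tripwire along the lines discussed in this thread, as an added example that is not code from any poster here or from Mautic: it scans Apache combined-format lines and reports untrusted IPs that probed for WordPress or touched the Mautic login URLs. The `/s/login` prefix, the trusted-IP list and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Apache "combined" format; all IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2017:06:12:01 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2017:06:12:03 +0000] "GET /s/login HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2017:06:12:04 +0000] "POST /s/login_check HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Oct/2017:07:30:10 +0000] "POST /s/login_check HTTP/1.1" 302 0 "-" "curl/7.50"
192.0.2.10 - - [10/Oct/2017:08:00:00 +0000] "POST /s/login_check HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Oct/2017:08:00:01 +0000] "GET /s/dashboard HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.99 - - [10/Oct/2017:09:00:00 +0000] "GET /mtc.js HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)
LOGIN_PREFIX = "/s/login"  # assumption: login URLs live under the /s/ admin path
OTHER_CMS = ("/wp-login.php", "/wp-admin", "/xmlrpc.php")  # WordPress probes
TRUSTED_IPS = {"192.0.2.10"}  # assumption: the administrator's fixed IP

def summarize(log_text, trusted=TRUSTED_IPS):
    """Return {ip: counters} for untrusted IPs that probed or touched the login."""
    seen = defaultdict(lambda: {"cms_probes": 0, "login_views": 0, "login_posts": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] in trusted:
            continue  # unparseable line, or the admin's own traffic
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path.startswith(OTHER_CMS):
            seen[m["ip"]]["cms_probes"] += 1
        elif path.startswith(LOGIN_PREFIX):
            key = "login_posts" if m["method"] == "POST" else "login_views"
            seen[m["ip"]][key] += 1
    return dict(seen)

def verdict(c):
    """Turn one IP's counters into a short label for an alert."""
    if c["cms_probes"] and (c["login_posts"] or c["login_views"]):
        return "scanner that moved on to the login"
    if c["login_posts"]:
        return "login attempt from unknown IP"
    if c["login_views"]:
        return "login page viewed"
    return "generic CMS probe"

if __name__ == "__main__":
    for ip, c in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {verdict(c):36} {c}")
```

The output can be piped to mail from cron, or the same path patterns can be carried into a fail2ban filter.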

Interesting projects, those. The use of fail2ban though is a good move. Certainly one of the most effective defence tools out there.

If you have root access to your server - this is an excellent security package. I have been using it for years and love it.

*It’s an affiliate link http://atomicorp.com/amember/aff/go/IMspintheweb