From fa9ca9613d94a6191fc9ef8f3d84ba22163d141c Mon Sep 17 00:00:00 2001 From: Leonetienne Date: Fri, 8 Apr 2022 22:06:03 +0200 Subject: [PATCH] Added ip logging for failed login attempts --- .gitignore | 1 + server.js | 14 ++++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2ff9464..6081413 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ *index-*.html /node_modules/ *.pem +/failed-login-attempts.txt diff --git a/server.js b/server.js index a5a55e2..d970d14 100755 --- a/server.js +++ b/server.js @@ -158,10 +158,19 @@ function testAuthentication(request, response) { response.end('Access granted! You\'re in!'); return; } else { + // Log failed login attempt + console.log('Failed login attempt by ' + request.connection.remoteAddress); + const now = new Date(); + fs.appendFile( + 'failed-login-attempts.txt', + '[' + (now.getDate()+1) + '.' + (now.getMonth()+1) + '.' + now.getFullYear() + ' ' + now.getHours() + ':' + now.getMinutes() + ':' + now.getSeconds() + '] Failed login attempt by ' + request.connection.remoteAddress + '\n', + () => {} + ); + response.writeHead(401, { 'Content-Type': 'text/html' }); - response.end('WOOP! WOOP! Invalid password!

Need to reset your password? Replace the password hash in config.yaml with a new one.
This password hashes to: ' + passwordHash + '.'); + response.end('WOOP! WOOP! Invalid password!
This attempt as been logged.

Need to reset your password? Replace the password hash in config.yaml with a new one.
This password hashes to: ' + passwordHash + '.'); return; } @@ -209,9 +218,6 @@ const serverOptions = { }; var server = https.createServer(serverOptions, function (request, response) { - // Handle requests here... - console.log(request.headers.referer); - // If request is trying to authenticate if (request.url == '/api--authenticate') { testAuthentication(request, response);