Magento Brute Force

How do I stop magento brute force attacks? I don’t see that Magento is protected.

To protect Magento from brute-force attacks you need to add its login page in file
/<path_to_cwaf>/cwaf/etc/userdata/userdata_login_pages and restart web-server.

If you use our plugin with some WHCMS (for example cPanel), it could be done with Comodo WAF - Userdata - Login Pages - Save.

Is the Magento login-page login.phpml?

I think the standard one is /index.php/admin/

Would be great to have a rule for this as you have with Joomla/Wordpress :slight_smile:

We’ll add it to the next rules update.

+1 for Magento brute force protection

I’ve added “/downloader/index.php” and “/downloader/” to Comodo CWAF » Userdata » Login Pages, but it doesn’t block the attacks.

Almost every morning I find a server overloaded because a domain keeps getting thousands of hits like these:

178.62.56.212 - - [22/Dec/2015:11:30:48 +0100] "GET /downloader/index.php?A=loggedin HTTP/1.1" 200 2604 "-" "-"
178.62.56.212 - - [22/Dec/2015:11:30:49 +0100] "POST /downloader/ HTTP/1.1" 302 0 "-" "-"
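As an added example (not code from the thread or from Comodo), here is a small POSIX shell/awk check that counts, per client IP, how many POST requests hit a Magento login path in an Apache combined-format access log. The two sample lines from the post above are embedded together with a few constructed ones; the login-path list mirrors the one-path-per-line style of `userdata_login_pages`. Run it against a real log with `count_login_posts 50 < /path/to/access_log` to see which IPs would have needed blocking.

```shell
#!/bin/sh
# Added example: count POST requests to Magento login paths per client IP.
# Constructed sample log lines (first two copied from the thread, the rest made up).
SAMPLE_LOG='178.62.56.212 - - [22/Dec/2015:11:30:48 +0100] "GET /downloader/index.php?A=loggedin HTTP/1.1" 200 2604 "-" "-"
178.62.56.212 - - [22/Dec/2015:11:30:49 +0100] "POST /downloader/ HTTP/1.1" 302 0 "-" "-"
178.62.56.212 - - [22/Dec/2015:11:30:50 +0100] "POST /downloader/ HTTP/1.1" 302 0 "-" "-"
178.62.56.212 - - [22/Dec/2015:11:30:51 +0100] "POST /index.php/admin/ HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [22/Dec/2015:11:31:02 +0100] "POST /index.php/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Dec/2015:11:31:40 +0100] "GET /catalog/product/view/id/5 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"'

# Login-page prefixes, one per line, in the style of userdata_login_pages entries
# (the paths are the ones named in this thread).
LOGIN_PAGES='/downloader/
/index.php/admin/'

# count_login_posts [THRESHOLD]: reads access-log lines on stdin and prints
# "<count> <ip>" for every IP that POSTed to a login path at least THRESHOLD
# times (default 1), most active IP first. Field 6 is the quoted method,
# field 7 the request path in combined log format.
count_login_posts() {
    threshold="${1:-1}"
    awk -v threshold="$threshold" -v pages="$LOGIN_PAGES" '
        BEGIN { n = split(pages, p, "\n") }
        $6 == "\"POST" {
            for (i = 1; i <= n; i++) {
                # prefix match: the login path must start the request path
                if (p[i] != "" && index($7, p[i]) == 1) { hits[$1]++; break }
            }
        }
        END { for (ip in hits) if (hits[ip] >= threshold) print hits[ip], ip }
    ' | sort -rn
}

# Usage: only report IPs with two or more login POSTs in the sample.
printf '%s\n' "$SAMPLE_LOG" | count_login_posts 2
```

The threshold is deliberately a parameter: on a real server the interesting number is not "more than one POST" but a rate far above what a human admin produces, and the GET to `?A=loggedin` that precedes each POST in the sample is not counted, so a legitimate admin who logs in once stays well below any sensible cut-off.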

I’m sorry, we need some time to reproduce this issue and find a solution.

Hi, we have verified this issue and protection works on our side. A URL which partially matches any line of ‘userdata_login_pages’ is protected against a series of POST requests.

Does Apache also fail to protect ‘userdata_login_pages’?

I don’t see anything for Magento in 1.59 update. When is it coming?

Hello.

Did you try to add part of URL to userdata_login_pages?

How do I stop userdata files from being overridden with every cwaf update? I am using cwaf as a cPanel vendor, not the plugin (had problems with the plugin). Userdata files are at: /usr/local/apache/conf/modsec_vendor_configs/comodo_apache

Hi

This is a complicated question and the answer is ‘possible’ :slight_smile:

I’ll try to explain why.
cPanel has a Perl script to perform the vendor update (/usr/local/cpanel/scripts/modsec_vendor).
This script runs once per day, checks if a new version of the rules is available and downloads the rules archive.
It extracts the archive to the /usr/local/apache/conf/modsec_vendor_configs/ folder and certainly overwrites all files (including userdata).

If you have some knowledge of Perl/bash programming you can create a script which will copy/symlink previously saved userdata to the rules location.
This script can be called in /usr/local/cpanel/scripts/modsec_vendor at the end of sub update before return $all_ok; (line 184 in my setup)

Regards, Oleg
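As an added example of the copy-back approach described in the previous post (this is not Comodo's or cPanel's code), the POSIX shell functions below save the `userdata_*` files out of the vendor rules directory and copy them back after an update has overwritten them, touching only files whose content actually changed. The directories are parameters; the default paths are assumptions taken from this thread, and the demo runs entirely in a temporary directory so it can be tried without a real server. The restore function is what you would call at the end of `sub update` in modsec_vendor, or from a cron job scheduled shortly after the daily vendor update (the cron route survives cPanel replacing its own scripts).

```shell
#!/bin/sh
# Added example: preserve Comodo WAF userdata_* files across cPanel vendor updates.
# Default locations are assumptions based on the thread; pass your own as arguments.
RULES_DIR_DEFAULT=/usr/local/apache/conf/modsec_vendor_configs/comodo_apache
BACKUP_DIR_DEFAULT=/usr/local/apache/conf/modsec_vendor_configs/comodo_userdata_backup

# save_userdata RULES_DIR BACKUP_DIR: copy every userdata_* file out of the rules
# directory, preserving timestamps and permissions. Run this after editing userdata.
save_userdata() {
    rules="${1:-$RULES_DIR_DEFAULT}"; backup="${2:-$BACKUP_DIR_DEFAULT}"
    mkdir -p "$backup"
    for f in "$rules"/userdata_*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$backup/"
    done
}

# restore_userdata BACKUP_DIR RULES_DIR: copy saved files back over the freshly
# extracted vendor files, but only where the content differs, and print how many
# files were restored (0 means the update left userdata intact).
restore_userdata() {
    backup="${1:-$BACKUP_DIR_DEFAULT}"; rules="${2:-$RULES_DIR_DEFAULT}"; restored=0
    for f in "$backup"/userdata_*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        if ! cmp -s "$f" "$rules/$name"; then
            cp -p "$f" "$rules/$name"
            restored=$((restored + 1))
        fi
    done
    echo "$restored"
}

# demo_restore: constructed scenario in a temp dir. Writes a two-line
# userdata_login_pages, saves it, simulates the vendor update replacing it with
# an empty file, restores, and prints "<files restored> <lines in restored file>".
demo_restore() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/rules"
    printf '/index.php/admin/\n/downloader/\n' > "$tmp/rules/userdata_login_pages"
    printf '\n' > "$tmp/rules/userdata_wl_urls"
    save_userdata "$tmp/rules" "$tmp/backup"
    : > "$tmp/rules/userdata_login_pages"      # overwritten by the update
    n=$(restore_userdata "$tmp/backup" "$tmp/rules")   # userdata_wl_urls unchanged
    lines=$(wc -l < "$tmp/rules/userdata_login_pages" | tr -d ' ')
    rm -rf "$tmp"
    echo "$n $lines"
}

# Usage: expected output "1 2" (one file restored, two login paths back in place).
demo_restore
```

Copying rather than symlinking is chosen on purpose: a symlink into the backup directory would itself be deleted when the vendor archive is extracted, and a copy also gives you a clean `cmp` check that tells you whether an update really clobbered anything. After restoring, Apache still needs a restart or graceful reload for the restored login pages to take effect, as the first reply in this thread notes.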