DB Failed Attempts

Discussions about new features or changes in existing features

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

DB Failed Attempts

Postby carpenox » Thu Apr 30, 2020 4:44 pm

Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?

Image

Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox
Alma Linux 8.5 | Version: 2.14-858a | BUILD: 220513-0819 | SVN Version: 3602 | DB Schema Version: 1661 | Asterisk 16.17.0-vici
www.CyburDial.net -:- 725-22-CYBUR -:- My Blog: http://vicidial.blog -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1845
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: DB Failed Attempts

Postby carpenox » Sat Jul 03, 2021 10:06 pm

Any ideas for this Matt?
Alma Linux 8.5 | Version: 2.14-858a | BUILD: 220513-0819 | SVN Version: 3602 | DB Schema Version: 1661 | Asterisk 16.17.0-vici
www.CyburDial.net -:- 725-22-CYBUR -:- My Blog: http://vicidial.blog -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1845
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: DB Failed Attempts

Postby mflorell » Sun Jul 04, 2021 7:36 am

I would consider these specific requests outside of the scope of VICIdial itself, since they don't directly involve VICIdial. I'm sure there are utilities somewhere that can do this already, even if they're just plugins to Nagios or iCinga.
mflorell
Site Admin
 
Posts: 17995
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: DB Failed Attempts

Postby carpenox » Sun Jul 04, 2021 12:27 pm

ok cool thx
Alma Linux 8.5 | Version: 2.14-858a | BUILD: 220513-0819 | SVN Version: 3602 | DB Schema Version: 1661 | Asterisk 16.17.0-vici
www.CyburDial.net -:- 725-22-CYBUR -:- My Blog: http://vicidial.blog -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1845
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: DB Failed Attempts

Postby callcentertech » Tue Dec 14, 2021 12:53 am

We have done something like this, though we are not collecting this info on a database or dashboard.

1. Build a custom dashboard woth related fields like server IP.”, time of attack etc. Make it the way it accepts http post with parameters
2. Work with your linux magic to run a api post on the db events you want to log on the dashboard.

3. Watch the dashboard and enjoy.

Its much easier to use Nagios for this job and it also sends realtime email alerts for the same. But $2000 for 100 endpoints look too expensive for me lol..

carpenox wrote:Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?

Image

Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox
Email: kaushal@callcentertech.net, Phone/WhatsApp: +1 (636)-556-0022
Web: https://www.callcentertech.net, Skype: live:52956f35f3283f55
VICIdial Blog: https://www.callcentertech.net/blog
callcentertech
 
Posts: 45
Joined: Sat Jul 17, 2021 2:01 pm
Location: Ahmedabad, India

Re: DB Failed Attempts

Postby carpenox » Thu Dec 23, 2021 12:03 am

agreed for sure
Alma Linux 8.5 | Version: 2.14-858a | BUILD: 220513-0819 | SVN Version: 3602 | DB Schema Version: 1661 | Asterisk 16.17.0-vici
www.CyburDial.net -:- 725-22-CYBUR -:- My Blog: http://vicidial.blog -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1845
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: DB Failed Attempts

Postby williamconley » Mon Jun 13, 2022 1:18 pm

I know vicihost has a NOC product they use. I think it has some sort of status check as well. Adding

Code: Select all
mysql -u cron -p\$VARDB_pass -e "show status like '%Aborted%'";


with some modifications to include other requested values would be fairly easy.

In our case, we run this directly in our ServerWatch package along with several others that are similar.

But ... we also lock the IP of each of the servers into the Database server so no other IPs can even make a request. Since all the servers are whitelisted, gaining access to the database would require being "allowed in" to at least one server and then taking over that server to make DB requests from it.

However, merely making a web page with these values showing and perhaps an alert if any of the values begin to climb, would be quite valuable. Whether it was an indication of attack or system failure ... either way it would be useful. Not a bad idea. 8-) At that point either add an auto-refresh feature to the page, or run it with a cron job and have the page generate an email if the values change (the ones that shouldn't at least).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 19952
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to Features

Who is online

Users browsing this forum: No registered users and 6 guests