Page 1 of 1

DB Failed Attempts

PostPosted: Thu Apr 30, 2020 4:44 pm
by carpenox
Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?

Image

Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox

Re: DB Failed Attempts

PostPosted: Sat Jul 03, 2021 10:06 pm
by carpenox
Any ideas for this Matt?

Re: DB Failed Attempts

PostPosted: Sun Jul 04, 2021 7:36 am
by mflorell
I would consider these specific requests outside of the scope of VICIdial itself, since they don't directly involve VICIdial. I'm sure there are utilities somewhere that can do this already, even if they're just plugins to Nagios or iCinga.

Re: DB Failed Attempts

PostPosted: Sun Jul 04, 2021 12:27 pm
by carpenox
ok cool thx

Re: DB Failed Attempts

PostPosted: Tue Dec 14, 2021 12:53 am
by callcentertech
We have done something like this, though we are not collecting this info on a database or dashboard.

1. Build a custom dashboard woth related fields like server IP.”, time of attack etc. Make it the way it accepts http post with parameters
2. Work with your linux magic to run a api post on the db events you want to log on the dashboard.

3. Watch the dashboard and enjoy.

Its much easier to use Nagios for this job and it also sends realtime email alerts for the same. But $2000 for 100 endpoints look too expensive for me lol..

carpenox wrote:Is there any way to setup a report that will display the following from phpmyadmin but with an automatic refresh rate to watch for hacking attempts on the DB?

Image

Is there already a way to do this?

Also I have asked before but no responded, what about generating a report with the VB-Firewall that shows in real time anyone trying to hack into the system? A monitoring tool if you will.

Thanks,

-Nox

Re: DB Failed Attempts

PostPosted: Thu Dec 23, 2021 12:03 am
by carpenox
agreed for sure

Re: DB Failed Attempts

PostPosted: Mon Jun 13, 2022 1:18 pm
by williamconley
I know vicihost has a NOC product they use. I think it has some sort of status check as well. Adding

Code: Select all
mysql -u cron -p\$VARDB_pass -e "show status like '%Aborted%'";


with some modifications to include other requested values would be fairly easy.

In our case, we run this directly in our ServerWatch package along with several others that are similar.

But ... we also lock the IP of each of the servers into the Database server so no other IPs can even make a request. Since all the servers are whitelisted, gaining access to the database would require being "allowed in" to at least one server and then taking over that server to make DB requests from it.

However, merely making a web page with these values showing and perhaps an alert if any of the values begin to climb, would be quite valuable. Whether it was an indication of attack or system failure ... either way it would be useful. Not a bad idea. 8-) At that point either add an auto-refresh feature to the page, or run it with a cron job and have the page generate an email if the values change (the ones that shouldn't at least).