fail2ban for SoSci Survey

To access interviews in progress, each interview is assigned a “token,” a 12-character alphanumeric string. Anyone who knows the interview token can continue the interview and, where applicable, use the back button to see the data already entered.

To prevent valid tokens from being determined simply by trial and error (brute force), the server should block IP addresses that use invalid tokens. Therefore SoSci Survey saves invalid inputs in the file system/logfiles/token-fail.log. Invalid serial numbers and serialmail keys are also noted in this file.

On Linux systems, you can temporarily block IP addresses that appear frequently in this list using fail2ban. On Debian-based systems fail2ban can be installed as follows:

  sudo apt-get install fail2ban

First, create the file /etc/fail2ban/filter.d/serial-fail.conf with the following content:

[Definition]
failregex = <HOST>\s+(invalid|serial|deliveryToken|session\.id)
ignoreregex =

Afterwards, create the file /etc/fail2ban/jail.local or, if it already exists, add a section [serial-fail] that points to the log file with the invalid entries:

[DEFAULT]
ignoreip = 127.0.0.1/8
maxretry = 3
banaction = iptables-multiport

[serial-fail]
enabled  = true
port     = http,https
filter   = serial-fail
action   = iptables-allports
           mail-whois[name=Serial Fail, dest=IHRE@E-MAIL-ADRESSE]
logpath  = /PFAD_ZU_SOSCI/system/logfiles/token-fail.log
maxretry = 50
bantime  = 7200
# SoSci Survey will lock IPs by itself, this is just the uppermost limit

[sshd-ddos]
enabled = true

[php-url-fopen]
enabled = true

This entry blocks an IP address for 2 hours (`bantime`) if 50 erroneous entries (`maxretry`) have been made from that address within 10 minutes (the default `findtime`). It is also possible to set a shorter blocking time and to block after e.g. 10 erroneous entries, but since SoSci Survey already blocks erroneous serial numbers itself, this configuration is only a second security barrier.
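To see how the `failregex` from serial-fail.conf, `maxretry`, `findtime` and `ignoreip` interact, the following added example (not part of this wiki page or of SoSci Survey) replays constructed log lines through the same counting rule fail2ban applies: a host is banned once it produces `maxretry` matching lines within a sliding window of `findtime` seconds, unless it falls inside an `ignoreip` network. The exact line format of token-fail.log is not shown on this page, so the sample lines below, with a leading `YYYY-MM-DD HH:MM:SS` timestamp, are an assumption, and the simplified `<HOST>` pattern only matches IPv4/IPv6 literals rather than the full host pattern fail2ban substitutes.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex exactly as in /etc/fail2ban/filter.d/serial-fail.conf
FAILREGEX = r"<HOST>\s+(invalid|serial|deliveryToken|session\.id)"

# Assumption: fail2ban replaces <HOST> with a pattern for IPs or hostnames;
# this stand-in matches only IPv4/IPv6 literals.
HOST_RE = r"(?P<host>[0-9a-fA-F.:]+)"
FAIL_RE = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))

# ignoreip = 127.0.0.1/8 from the [DEFAULT] section; the whole /8 is exempt
IGNORE_NETS = [ipaddress.ip_network("127.0.0.1/8", strict=False)]

# Constructed sample log (the real token-fail.log format is not documented here):
# 203.0.113.7 fails three times within ten seconds, 192.0.2.9 fails three times
# spread over 15 minutes, 198.51.100.20 fails twice, 127.0.0.1 is exempt.
SAMPLE_LOG = """\
2021-09-30 10:00:00 203.0.113.7 invalid token qwertz123456
2021-09-30 10:00:00 192.0.2.9 invalid token 111111111111
2021-09-30 10:00:05 203.0.113.7 invalid token qwertz123457
2021-09-30 10:00:09 203.0.113.7 serial number ABC-123 not found
2021-09-30 10:00:10 198.51.100.20 invalid token abcdefghijkl
2021-09-30 10:00:30 198.51.100.20 deliveryToken xyz rejected
2021-09-30 10:01:00 127.0.0.1 invalid token 000000000000
2021-09-30 10:01:01 127.0.0.1 invalid token 000000000000
2021-09-30 10:01:02 127.0.0.1 invalid token 000000000000
2021-09-30 10:02:00 198.51.100.20 login ok
2021-09-30 10:07:00 192.0.2.9 invalid token 222222222222
2021-09-30 10:15:00 192.0.2.9 invalid token 333333333333
""".splitlines()


def parse_line(line):
    """Return (timestamp, host) if the line matches the failregex, else None.

    fail2ban strips the date prefix before applying failregex; we do the same
    by splitting off the assumed 'YYYY-MM-DD HH:MM:SS' prefix first.
    """
    m = re.match(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(.*)$", line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    hit = FAIL_RE.search(m.group(2))
    if not hit:
        return None
    return ts, hit.group("host")


def is_ignored(host):
    """True if the host lies in one of the ignoreip networks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are never matched by this simplified pattern
    return any(addr in net for net in IGNORE_NETS)


def simulate_jail(lines, maxretry=50, findtime=600):
    """Replay log lines through fail2ban's counting rule.

    Per host, keep the timestamps of matching lines that fall within the last
    `findtime` seconds; the host is banned as soon as `maxretry` such lines
    accumulate. Returns {host: timestamp of the triggering line}.
    """
    window = defaultdict(deque)
    bans = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, host = parsed
        if is_ignored(host) or host in bans:
            continue
        q = window[host]
        q.append(ts)
        # drop failures older than findtime relative to the newest one
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry:
            bans[host] = ts
    return bans


def banned_hosts(lines, maxretry=50, findtime=600):
    """Sorted list of hosts the jail would ban for the given thresholds."""
    return sorted(simulate_jail(lines, maxretry, findtime))


if __name__ == "__main__":
    # With the page's maxretry = 50 nothing is banned; with maxretry = 3 only
    # 203.0.113.7 is, because 192.0.2.9's failures are spread beyond findtime.
    print("maxretry=50:", banned_hosts(SAMPLE_LOG))
    print("maxretry=3: ", banned_hosts(SAMPLE_LOG, maxretry=3))
```

Against the real log file, the filter itself can be checked with fail2ban's own tool, `fail2ban-regex /PFAD_ZU_SOSCI/system/logfiles/token-fail.log /etc/fail2ban/filter.d/serial-fail.conf`, which reports how many lines the `failregex` matched and which lines it missed; a low match count usually means the host pattern or line format differs from what the filter expects.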

Load the configuration and check that everything is running:

  sudo fail2ban-client reload
  sudo fail2ban-client status

The output looks, for example, as follows:

Status
|- Number of jail:      3
`- Jail list:   serial-fail, sshd, sshd-ddos
en/server/security/fail2ban.txt · Last modified: 30.09.2021 10:52 by sophia.schauer