maria-developers team mailing list archive

audit plugin help with MDEV-575 (fail2ban like)

 

Hi guys, I want to get the users / IPs that try to connect to the server with a bad
password/user and retry very frequently (normally a brute-force
attack).
Some things I need:
1) Get information about the connection when it fails or not (maybe an audit
plugin could do this?). Information that I need:
1.1) protocol (tcp/unix/others)
1.2) user
1.3) remote IP (when TCP only)
It must be executed on every login.

2) Log this information.
Maybe we could use CSV, Aria, MyISAM to log bad logins and put them in a
log table:
PROTOCOL, USER, REMOTE IP, DATETIME

3) Add columns to user:
BAD_LOGIN_MAX_TRIES, BAD_LOGIN_LOG_TIME, BAD_LOGIN_MIN_RETRY_TIME

4) Add server globals bad_login_tcp_log_time, bad_login_tcp_max_errors

5) Implement checks before connection:
when a connection to the server is opened via TCP, execute something like:
SELECT COUNT(*) FROM bad_login_log WHERE remote_ip="remote_ip" AND
datetime>NOW() - @@bad_login_tcp_log_time

if COUNT(*) > @@bad_login_tcp_max_errors
   disconnect

6) Implement user checks:
SELECT COUNT(*),(SELECT BAD_LOGIN_MAX_TRIES FROM users WHERE user="user")
FROM bad_login_log
WHERE user="user" AND datetime>NOW() - (SELECT BAD_LOGIN_LOG_TIME FROM
users WHERE user="user")

if count(*) > bad_login_max_tries for that user
   disconnect



That's all.


--
Roberto Spadim
SPAEmpresarial