Oscam WEBIF authentification fail logging

[Duster]

Hello to everyone.

I wrote this patch to prevent bruteforce attacks to your opened WEBIF port for remote authentification.

Of course you need fail2ban or similar software to add rule for blocking the attackers IP address, because this patch add only to your oscam.log who want to login to your WEBIF with invalid credentials like this

(2017/09/27 10:21:22 21674558 h (webif) unauthorized access from xxx.xxx.xxx.xxx).

I hope you enjoy it.

Code:

--- /opt/oscam-svn/module-webif-lib.c	2017-09-27 00:05:24.034785811 +0300
+++ /opt/simplebuild/oscam-svn/module-webif-lib.c	2017-09-27 00:03:56.000000000 +0300
@@ -296,6 +296,10 @@
 			}
 		}
 	}
+	if(authok == 0)
+	{
+		cs_log("unauthorized access from %s", cs_inet_ntoa(addr));
+	}
 	return authok;
 }

Regards.

webiffailloggingbyBust3D.zip

[Duster]

Acest patch a fost introdus in Trunk cu foarte putin timp dupa ce am publicat si pe streamboard. Threadul se poate inchide. Multumesc.