Authentication: Anti-hammering / Login blocker

auth_antihammer
Maintained by Picture of Sebsoft PluginsSebsoft Plugins, Picture of Rogier van DongenRogier van Dongen
The Sebsoft Anti Hammering Authentication Plugin offers you the possibility to prevent hammering your login system. This plugin can be configured to "smart detect" so called hammering on IP basis or for users in general.
195 sites
127 downloads
14 fans
Current versions available: 4


SEBSOFT ANTIHAMMER PLUGIN


The Sebsoft Anti Hammering Authentication Plugin offers you the possibility to prevent hammering your login system.

This plugin can be configured to "smart detect" so called hammering on IP basis or for users in general.

Hammering is the process of pretty much brute force attacking Moodle's login system.

This plugin detects the IP address of the remote client, and will track the entered username (and, if the

username exists, also the Moodle userid) and stores it's information to block the user and/or IP address

depending on the configuration of your authentication plugin.


When the plugin has been installed, you should enable or disable blocking by IP and/or username and

configure the timespan at which detection is valid and number of times an attempt can be made.


This plugin can also be configured to make use of the messaging API in moodle.

This is a specific setting that needs to be enabled; if not configured the messaging API will not be used.

Please note receiving messages is not configured for everybody by default. Every applicable person (usually

administrators) MUST configure their preferences if they'd like to receive these messages.


Moodle's lockout system vs Antihammer:

Moodle already has the capability to (temporarily) lock out users https://docs.moodle.org/30/en/Site_policies#Account_lockout)


However, this plugin will add to that functionality, enabling to also take a look at specific IP usage of users trying to login.

There is *no* interaction with the lock out users system of Moodle.


If you want to be able to use the default method of Moodle account locking, but want to use

this plugin for the additional functions of being able to block hammering/testing of passwords

from a certain IP, you need to enable the IP Settings of the antihammer plugin.

You *need* to keep the User mode/setting disabled if you wish to keep Moodle's standard account lockout.


Furthermore this function differs from the Moodle implementation as Moodle will also allow

you to configure if you want to send an e-mail with a unlock link.

The Antihammer authentication method does not do this, as it's more of a way to

provide additional security and possibly block attacks with admin notification.


*Warning*: Whatever you do, do *never* enable both the user mode in Antihammer

AND the account lockout feature together, this may/will cause unintended side effects.


Important note:

This plugin does not neccessarily prevent brute force hacking when IP detection is not configured.

When the only checks are done based on the username, and an attacker uses a different username on virtually

every request (dictionary hacking), a lot of log/status records will be created, but this plugin can't

really do anything (simple because the username is differing too often). In that case IP blocking might help.


Please note this authentication plugin creates administration menu items to view the logs and status tables.


INSTALLATION


- Copy the antihammer folder to your auth directory.

- Configure your authentication plugin.

- We're ready to run!


Screenshots

Screenshot #0

Contributors

Picture of Sebsoft Plugins
Sebsoft Plugins (Lead maintainer)
Picture of Rogier van Dongen
Rogier van Dongen: Lead maintainer / developer
Please login to view contributors details and/or to contact them

Comments RSS

Show comments
  • Picture of Rekha C
    Fri, Jan 13, 2017, 12:14 AM
    Hi, Please provide for 3.2 soon
  • Picture of Sebsoft Plugins
    Wed, Feb 1, 2017, 12:58 AM
    We're currently testing the new version for 3.2 in our internal tests.
  • Picture of Rogier van Dongen
    Thu, May 11, 2017, 10:34 PM
    New version is here!
    No real changes (except for a small few additions, changes to adhere to Moodle's Coding Standards).
    Functionality tested on Moodle 3.0, 3.1, 3.1 and 3.3

    Cheers!
  • Picture of Rekha C
    Sun, Sep 24, 2017, 6:35 PM
    In moodle 3.3, When I click on reports or Logs, 'Coding error detected, it must be fixed by a programmer: PHP catchable fatal error'.
  • Picture of Rogier van Dongen
    Mon, Nov 6, 2017, 8:06 PM
    New version!
    pix_url has been replaced with image_url()
    Version requirement for Moodle: 3.3 and onwards.
    @Rekha: I've not been able to reproduce as of yet, and also still waiting on a response to the private message I sent.
    Cheers!
  • Picture of Pusdiklat BMKG
    Sun, Dec 29, 2019, 6:49 PM
    Please kindly make it available on moodle 3.5, 3.6, 3.7,3.8. Thank you.
  • Picture of Steve Radford
    Mon, Jun 8, 2020, 4:10 AM
    Is there a way to see (and selectively release) users and IP addresses that are currently blocked? For example, if a legitimate user is blocked, is there a way to remove the block on their username or IP address without having to wait for it to be automatically cleared?
  • Picture of Rogier van Dongen
    Mon, Jun 15, 2020, 4:21 PM
    Hello Steve,
    If you're a site administrator, you can navigate to "site administration" and there, in the first tab, there should be a navigation option "Anti-hammering / Login blocker" -> "Antihammer reports".
    From there you can easily see the users currently blocked and remove their block if really needed.
    A new version _will_ be released soon though, as Moodle's message API expects more variables that were previously (quite some time ago) not necessary. Note this does _not_ stand in the way of the workings of the plugin.
  • Picture of Rogier van Dongen
    Mon, Jun 15, 2020, 4:44 PM
    New version just added!
    Added option to remove all current blocks, modified code according to Moodle expectations (read: resolve notification in debug modus).
    Cheers!
  • Picture of Steve Radford
    Mon, Jun 15, 2020, 6:31 PM
    That's great - thanks
  • Picture of Steve Radford
    Mon, Jul 6, 2020, 4:17 PM
    We're finding this plugin really useful, thank you. Just wondering if you have any plans to update it for Moodle 3.9?
  • Picture of Sa brine
    Fri, Jul 24, 2020, 9:44 PM
    hello guys, when i click Antihammer reports and Antihammer logs.
    This error message me display Argument 4 passed to table_sql::set_sql() must be of the type array, null given, called in /antihammer/classes/table.php on line 223.
    Please help me.
  • Picture of Rogier van Dongen
    Fri, Jul 24, 2020, 10:05 PM
    @Steve Will be confirmed ASAP
    @Sa brine: thanks for the report, will be fixed ASAP
    New version will likely be available today or after the weekend
    Cheers!
  • Picture of Rogier van Dongen
    Fri, Jul 24, 2020, 10:19 PM
    And then new version is here. Verified to work on Moodle 3.9, table issues were fixed.
    Cheers!
    Rogier
  • Picture of Lalitnarayan Hembram
    Wed, Jul 29, 2020, 2:22 PM
    How to fixed table issue please tell me sir santhaldisom
1 2
Please login to post comments