[SR-Users] Login Attempts

Daniel-Constantin Mierla miconda at gmail.com
Wed May 27 08:15:44 CEST 2020


Hello,

On 26.05.20 22:12, Ahmed Marsou wrote:
> Sorry, what I want is to block a user after 'n' incorrect login
> attempts and leave it blocked until a user unblocks them from the
> website. I try something with the htable module but I don't know if I
> can save the value in the database. Is going to check if the number of
> login attempts is > 'n', and if is > 'n', I gonna leave it blocked and
> send a MESSAGE to an app.
> I starting with something like this:
>
> modparam("htable", "htable", "a=>size=8;autoexpire=920;") . . .
> if(is_present_hf("Authorization")){ reg_fetch_contacts("location",
> "$fu", "existingContact"); if($sht(a=>$au::auth_count)==3){
> xlog("Other attempts auth failed more than 3 times - src ip: $si\n");
> $var(address) = $si; $var(ruri) = "[" + $var(address)+ "]" + ":" + $sp
> + ";" + "transport" + "=" + $proto; #Send a SIP Request signalling the
> problem and its reason on the body $uac_req(method)="MESSAGE";
> $uac_req(ruri) = "sip:"+ $au + "@" + $var(ruri); $uac_req(furi) =
> "sip:kamailio at ericsson.net <mailto:sip%3Akamailio at ericsson.net>";
> $uac_req(turi) = $fu; $uac_req(hdrs)="Max-Forwards: 70\r\nEvent:
> reg\r\nContent-Type:
> text/plain\r\nAccept-Contact:*;+g.ext.app.registration\r\n";
> $uac_req(body)="Accout Blocked. Plese contact with your adminstrator";
> uac_req_send(); exit; }else{ $sht(a=>$au::auth_count) = 0; }
> if(!www_authenticate("ericsson.net <http://ericsson.net>",
> "subscriber")){ switch ($retcode) { case -1: sl_send_reply("403",
> "Forbidden"); exit; case -2: if($sht(a=>$au::auth_count) == $null)
> $sht(a=>$au::auth_count) = 0; $sht(a=>$au::auth_count) =
> $sht(a=>$au::auth_count) + 1; break; }
> www_challenge("$td"/*realm*/,"0"/*qop*/); exit; }
> $sht(a=>$au::auth_count) = 0; } else { www_challenge("$td","0"); exit;
> } } 
>
> But first problem:
> Is not counting. I dont know if I have to configure any param more to
> start counting attempts?

Why do you say it is not counting? Have you checked the content of the
htable via rpc command to see if anything is stored there?


>
> Second problem:
> I dont know the best option to save the login attempts on databes.
> Theres is any module that can help?


Check the sqlops module, it allows to do any sql query.


Cheers,
Daniel


> Thank you so much.
>
>
>
>
>
>
> El mar., 26 may. 2020 a las 21:56, Daniel-Constantin Mierla
> (<miconda at gmail.com <mailto:miconda at gmail.com>>) escribió:
>
>     Hello,
>
>     if you look for inserting into/querying from a database table from
>     config script, look at sqlops module.
>
>     If you need something else, provide more details about what you
>     want to achieve.
>
>     Cheers,
>     Daniel
>
>     On 26.05.20 20:38, Ahmed Marsou wrote:
>>     Hi;
>>     I have to control the login attempts, but blocking the user until
>>     I unlock him from web site. To do that I have to save the
>>     paramter on database. There is any table and column where I can
>>     save that parameter? 
>>     I'm using the  htable module to count the Authentification
>>     attempts. There's is any module that do that easily? 
>>     Thank you.
>>
>>
>>     _______________________________________________
>>     Kamailio (SER) - Users Mailing List
>>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>     -- 
>     Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com>
>     www.twitter.com/miconda <http://www.twitter.com/miconda> -- www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda>
>     Funding: https://www.paypal.me/dcmierla
>
-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20200527/6098f11e/attachment.html>


More information about the sr-users mailing list