Logs / prevent bruteforce attack #321

pstraebler · 2024-07-23T12:55:30Z

pstraebler
Jul 23, 2024

Hi,

I'm starting to use Hoarder, which I really like, and I'm planning to make it publicly accessible on my server.
Before doing so, I was wondering how to prevent myself from being attacked by Bruteforc? I'd like to use Fail2ban for example, but I don't see any log files generated by Hoarder. Docker logs obviously don't contain connection attempts.
I know there was a 'LOG_LEVEL' variable, but it doesn't seem to have any effect.
Any ideas?

Cheers !
Pierre

Answered by MohamedBassem

Jul 23, 2024

Hi, indeed hoarder doesn't right now log its http requests. What you can do is put a reverse proxy (e.g. nginx) in front of hoarder and use its logs for fail2ban. Putting Hoarder behind a reverse proxy is a good idea anyways if you're going to be exposing publicly (e.g. for https, etc)

View full answer

MohamedBassem · 2024-07-23T13:00:04Z

MohamedBassem
Jul 23, 2024
Maintainer

Hi, indeed hoarder doesn't right now log its http requests. What you can do is put a reverse proxy (e.g. nginx) in front of hoarder and use its logs for fail2ban. Putting Hoarder behind a reverse proxy is a good idea anyways if you're going to be exposing publicly (e.g. for https, etc)

0 replies

pstraebler · 2024-07-23T14:05:58Z

pstraebler
Jul 23, 2024
Author

I'm not used to filtering hosts to ban via apache logs, but this can indeed do the trick.
Thanks!

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Logs / prevent bruteforce attack #321

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Logs / prevent bruteforce attack #321

pstraebler Jul 23, 2024

Replies: 2 comments

MohamedBassem Jul 23, 2024 Maintainer

pstraebler Jul 23, 2024 Author

pstraebler
Jul 23, 2024

MohamedBassem
Jul 23, 2024
Maintainer

pstraebler
Jul 23, 2024
Author