Does IP generate log-files?

koenraadl · September 16, 2017, 8:25pm

At the moment I’m using IP 1.5.3.
Is there some log-file ? I’m testing invoice-plane with a server accessible from the Internet. Already some people try access the server although nobody knows the FQDN except the testers. I would like to use something like fail2ban to block brute-force attacks but that needs some log-file which contains the failed attempts, with its ip-addresses. I tried the apache-logs, but there everything seems OK, just access-entries, no errors from failed log-ins.
In ipconfig.php there is a setting “ENABLE_DEBUG” which seems to “enable advanced logging”. Where does that logging go to ? Is there other logging than “advanced logging” ?

Thanks.

Kovah · September 17, 2017, 7:58am

It seems you didn’t followed the instructions on the top of ths page to read the wiki and the FAQ. The FIRST entry in the FAQ is about logging in IP

https://wiki.invoiceplane.com/en/1.5/general/faq#debugmode

To answer the rest of your question: IP does not log failed attempts because the debug mode is exactly what the name states: a mode for debugging, not for day to day use.

koenraadl · September 17, 2017, 8:52am

My apologies for not reading the FAQ thoroughly enough.
And thanks for the link.

So there is no way I can prevent brute-force attacks trying to guess the passwords ? Something for the wishlist ?

koenraadl · October 12, 2017, 1:42pm

Hi,
I modified application/modules/sessions/controllers/Sessions.php to have some logging.
Is there a way to have it included in a next release ?
It needs some polishing I think.

Kovah · October 16, 2017, 6:17am

You may just create a pull request for the 1.6.0 branch with the changes. All further discussion on the code is then done in the pull request.

koenraadl · October 24, 2017, 8:44am

Just did a pull request.
I hope I did it right, it’s the first time I’m using github.