• Resolved thehowarde

    (@thehowarde)


    Hi.

    I can’t seem to be able to make the

    define(‘CERBER_FAIL_LOG’, ‘/path/to/log’);

    actually write the failed logins to the log file specified…

    I have this in the wp-config.php for the domain in question, I have the read/write permissions for the file set to 0666 to make sure it’s totally writeable, and the ownership of the file is by the correct user and group.

    Version: WP Cerber Security 5.8.6.

    Thanks for your help.

    • This topic was modified 6 years, 11 months ago by thehowarde.
Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    Besides the constant definition, you have to enable this setting: Write failed login attempts to the file. It’s on the Main settings tab.

    Thread Starter thehowarde

    (@thehowarde)

    This is already checked, and still not working.

    Thanks.

    Plugin Author gioni

    (@gioni)

    Please inspect the web server error log.

    Thread Starter thehowarde

    (@thehowarde)

    Hi Gioni. Is there anything to be looking for in the server error log? Maybe you could point me in the right direction?

    Thanks

    Plugin Author gioni

    (@gioni)

    You need to look for your filename that you’ve specified with CERBER_FAIL_LOG.

    Also you can find the following line in the wp-cerber.php file

    if ( $log = @fopen( CERBER_FAIL_LOG, 'a' ) ) {

    and remove @ symbol this way:

    if ( $log = fopen( CERBER_FAIL_LOG, 'a' ) ) {

    This should produce informative error messages in the server error log if the plugin is unable to write to the file.

    Thread Starter thehowarde

    (@thehowarde)

    Ok… Thanks. I’ll keep you posted.

    Thread Starter thehowarde

    (@thehowarde)

    Ok… Thank you for your help with this. It is working now.

    One question if I may. I notice that it’s only recording actual failed log in attempts where people try to log in with a username, but since the wp-login is changed, it isn’t recording IP’s for those who are attempting to access the unauthorized URL. Is there a way to log this information, as these are the IP’s of the malicious attempts… right?

    Thanks again.

    Plugin Author gioni

    (@gioni)

    Not completely. Most those attempts are just probes, not brute-force attacks. The main reason for using logging to a file is to protect a website from intensive brute-force attacks with fail2ban. So logging all those IPs is not implemented intentionally.

    Thread Starter thehowarde

    (@thehowarde)

    Ok. That makes sense. Thanks for the great plugin.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘CERBER_FAIL_LOG’ is closed to new replies.