Viewing/locating Jetpack Security log files

  • Resolved gaffer.wiles

    (@gafferwiles)


    7 years, 4 months ago

    After battling bruteforce attacks on several of my WordPress site, Jetpack was recommended to me.

    Since I installed Jetpack the dashboard reports that 32 malicious attacks have been blocked!

    Great!

    But how do I see details of those attacks? The dashboard doesn’t seem to display any detail other than the number of attacks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Richard Archambault

    (@richardmtl)

    Hi! We don’t have any reports to show you; all they would show would be the IPs of known bots that tried to access your Login page; there wouldn’t be any additional details beyond that, and since that information is of very limited use to our end-users, we do not display the details.

    I actually see the Jetpack attack information by using ModSecurity with the OWASP Core Rule Set. I had to do a little tweaking of the rules to parse correctly with filebeat to logstash to elastic, but I get all of the Jetpack block events through the Modsecurity audit log.

    As indicated by the Jetpack engineer, unless you’re trying to do some event analytics, the Jetpack ‘app firewall’ did its job and you can go on. But if you really want those events you can just install ModSecurity with the OWASP CRS. You can just run it in detection mode only (not blocking). Although, if you go to the lengths to install ModSecurity, you may as well take the time to do the initial burn-in phase, make your necessary white lists so you don’t break wordpress, and turn on enforcement mode.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Viewing/locating Jetpack Security log files’ is closed to new replies.