Add support for variables

Created on 30 June 2017, over 7 years ago
Updated 3 May 2024, 8 months ago

This is a very nice module for those of us with small sites who try to actively fight against hackers.

I'm seeing a lot of watchdog entries like

Login attempt failed for xyz.

for a specific xyz that doesn't actually exist on the site. Unfortunately, Autoban lets me only block Login attempt failed for %user., but not messages with replaced variables.

I realize that filling in variables cannot be done at the database level and it takes much more processing, but I'd still like to have this available for sites where it's feasible.

Feature request
Status: Active
Version: 1.0
Component: Code
Created by: 🇨🇭 Switzerland salvis


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇪🇨Ecuador jwilson3

    In the Drupal 8+ versions at least, the query hits both the messages and the variables table, so what am I missing?

    I see the same user names (often well-known at stopforumspam.com, or obvious ones like "Administrator") again and again, and I would be happy to block these IPs with a Threshold of 1.

    You could set up a rule with a REGEXP query for user.*Administrator which would hit against the variables table. It is a shame that the module doesn't let you specify a search query containing one part for the message column and the other part for the variables column.

    If you try this, you'll want to test heavily for false positives, with either the Autoban rule test feature, or with SQL queries:

    SELECT * FROM watchdog WHERE `variables` REGEXP 'user.*Administrator'
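
One way to measure the false positives mentioned above before enabling such a rule, as an added example that is not part of the original thread or the Autoban module: it runs the variables-only REGEXP over constructed watchdog rows in an in-memory SQLite table and compares the hits with a query that also pins the message column. The sample rows, the addresses, the `TIGHT` pattern and the use of Python's `re` in place of MySQL's REGEXP are assumptions.

```python
import re
import sqlite3

# Constructed rows shaped like Drupal's watchdog table; `variables` holds the
# PHP-serialized placeholder values, `message` the untranslated template.
ROWS = [
    ("user", "Login attempt failed for %user.",
     'a:1:{s:5:"%user";s:13:"Administrator";}', "203.0.113.7"),
    ("user", "Login attempt failed for %user.",
     'a:1:{s:5:"%user";s:5:"alice";}', "198.51.100.4"),
    ("page not found", "@uri",
     'a:1:{s:4:"@uri";s:19:"/user/Administrator";}', "192.0.2.10"),
]

# The variables-only rule from the thread, and the same rule with `message` pinned.
BROAD = "SELECT hostname FROM watchdog WHERE variables REGEXP ? ORDER BY wid"
NARROW = ("SELECT hostname FROM watchdog WHERE type = 'user' "
          "AND message = 'Login attempt failed for %user.' "
          "AND variables REGEXP ? ORDER BY wid")
# Assumed tighter pattern: anchor on the serialized %user key, not just "user".
TIGHT = r'"%user";s:[0-9]+:"Administrator"'


def open_db():
    db = sqlite3.connect(":memory:")
    # SQLite calls regexp(pattern, value) for `value REGEXP pattern`.
    db.create_function(
        "REGEXP", 2, lambda pat, val: int(re.search(pat, val or "") is not None))
    db.execute("CREATE TABLE watchdog (wid INTEGER PRIMARY KEY, type TEXT, "
               "message TEXT, variables TEXT, hostname TEXT)")
    db.executemany("INSERT INTO watchdog (type, message, variables, hostname) "
                   "VALUES (?, ?, ?, ?)", ROWS)
    return db


def hosts(db, sql, pattern):
    return [h for (h,) in db.execute(sql, (pattern,))]


def false_positives(db, pattern):
    """Hosts the variables-only rule would ban but the two-column check would not."""
    wanted = set(hosts(db, NARROW, pattern))
    return [h for h in hosts(db, BROAD, pattern) if h not in wanted]


if __name__ == "__main__":
    db = open_db()
    for pattern in ("user.*Administrator", TIGHT):
        print(pattern, hosts(db, BROAD, pattern), false_positives(db, pattern))
```

The constructed 404 row for `/user/Administrator` is what the broad pattern catches by accident; anchoring on the serialized `%user` key removes it without needing a second column in the rule.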
    