is available for Magento® 2
Prevent your website from brute force attacks with Watchlog
Follow the traffic on your Magento® admin
- View the daily and monthly login attempts in graphs
- Get a detailed and a summarized table of the login attempts
- Get a periodic report on the statistics by email
Keep track of the connection attempts
- Define a history lifetime in days
Possible large scale brute force attack on Magento®!
Thousands of Magento® websites are certainely concerned by this very large brute force attack which aim is clearly to force the access to Magento® backoffices.
The principle of that kind of attack is simple: robots try to log into your backoffice using multiple login/password combinations until they find the correct credentials.
Once these credentials are identified, your Magento® website becomes an easy prey for hacking: exploitation of your database, diversion of your payments, hacking, unfair competition...
How did we notice this attack?
At Wyomind, our paid software are delivered with a module named Notification Manager. It keeps you informed about the new updates of our extensions.
This extension is available from your backoffice in System > Configuration > Wyomind > Notification Manager . It lets you choose for which extension you wish to receive notifications.
In order to feed custom notifications to your backoffice, this extension retrieves our RSS feed ( https://www.wyomind.com/rss.xml ) just like Magento® RSS feed ( http://www.magentocommerce.com/notifications_feed ) each time someone or any robot tries to log into your backoffice.
If you want more information on how RSS feeds and notifications work within Magento®, you can read the very complete article of Nick Jones (Magento® Certified Specialist).
This implementation choice has underlined some considerable peaks of requests concerning thousands of websites and implying repetitive login attempts.
These login attempts can recur several times a minute and can reach several tens of thousands attempts every day which will deeply threaten the security of your website as you can see on the screen below.
How to check if my website is subject to these attacks?
If you received a message from us, it means we have noticed an abnormally high number of requests:
You can install our free Watchlog extension to detect the intrusions into your backoffice, you will then be able to track login attempts.
Why my hosting company can't protect my website against these attacks?
It is quite difficult to detect and to implement a firewall against that kind of attack for the following reasons:
- The IPs constantly change
- The IPs requests are made regularly and at different intervals of time
- The IPs try to access from different pages into your Magento® backoffice (Downloader, Admin log in Page...)
What to do?
Fortunately, these attacks are easy to bypass!
Several solutions exist to make your backoffice invisible to robots that try to login:
- Modify the name of your backoffice
- Activate captcha for your backoffice
- Restrict the access to your backoffice by IP with htaccess
- OR use Watchlog PRO that will act as a firewall and so replace all the above steps.
While the free extension Watchlog lists the IPs that try to access your Magento® backoffice, Watchlog PRO will also help you to stop these intrusion attempts.
Watchlog PRO is a more complete version that offers more options than Watchlog.
Connection attempts charts
Check the daily and monthly login attempts charts.
Connection attempts tables
Get detailed and summarized tables of the login attempts data.
Connection attempts history
Define the history lifetime and receive periodical reports.
Blacklist and Whitelist
Create a whitelist and a blacklist of IPs, allow access to whitelisted IPs only.
Automatically or Manually block IPs
Block IPs after X login attempts, block the blacklisted IPs for X minutes.
HOW TO USE THE WATCHLOG EXTENSION FOR MAGENTO
Watchlog is a free extension for Magento® that is easy to use. You'll be able to see very quickly if your Magento® Backoffice is threatened by a brute force attack and if someone or some robots are trying to log into your Magento® admin panel.
HOW TO INSTALL WATCHLOG
To install the Watchlog free extension on your Magento® admin, follow the below steps:
1. Go to the Magento® Connect page.
2. Log in to your account.
3. Click on Install Now.
4. Agree to the license agreements and click on Get Extension Key.
5. Select and copy the extension key.
6. Go to your Magento® admin in System > Magento® Connect > Magento® Connect Manager.
7. In the Settings tab, untick the Maintenance mode box if preferred.
8. In the Install New Extension tab, paste the extension key in the appropriate field and click on Install.
9. The installation starts and shows a message when it's complete.
10. Click on the Refresh button.
11. Return to your Magento® admin.
12. The Watchlog extension is now installed and ready to use!
STEP 1: Configure your Watchlog extension
You can start with configuring your extension in a general way in System > Config > Wyomind > WatchLog .
In the Connexion attempts history tab, you'll be able to configure a certain number of parameters.
History lifetime in days : You have the possibility to define a history lifetime in days in order to purge the history. For example, you'll be able to define the history lifetime on 30 days in order to remove automatically all the login attempts that are older than 30 days.
Send a periodical report : You can choose to receive periodical reports. If you have decided to set that option to YES , then you'll have to define:
- Period to report in days : define how many days you want to include in your report.
- Report title : define a title for your report.
- Report recipients : add the email addresses of the recipients separated by a comma.
- Report schedule : define a schedule to automatically send the reports.
STEP 2: Check the login attempts to your Magento® backoffice
If you go to System > Watchlog , you'll have a global overview of the login attempts executed from your admin panel log in page.
Statistics on the login attempts will be displayed in graphs and tables.
Login attempts charts
You should get two graphs that recap the login attempts statistics on two different periods of time in order to give you the best possible view. The first chart will display the data on 30 days whereas the second one will sum up the login attempts on 24 hours.
On both graphs, you'll have several curves:
- Success : which represents the login attempts that succeeded
- Failed : which represents the login attempts that failed
Login attempts grids
You should find the summary of the last days within two different views:
- Detailed view
- Summarized view
In the Detailed View , you'll find a detailed table of the login attempts. Among that grid, you'll have several data:
- The IP that tried to log into the backoffice.
- The date when the IP tried to log in.
- The login used.
- The message displayed when trying to log in.
- The url from which the IP tried to login.
- The status of the IP: Success or Failed.
By clicking on Switch to the summarized view you should get a table with the basic information. You'll find:
- The IPs that tried to log in
- The date of the last attempt
- The number of login attempts
- The number of failed login attempts
- The number of login attempts that succeeded
By default, both tables display data of the last 30 days. You can edit that from System > Config > Wyomind > WatchLog , in the History lifetime in days field.
At any time you can switch between both views.