Add simple peak detection #152

ChristophWurst · 2019-09-10T15:04:42Z

Fixes #115

lib/Service/LoginClassifier.php

rullzer · 2019-09-10T19:11:12Z

lib/Service/LoginClassifier.php

+		// Have we sent more than three alerts in the last hour
+		$lastHour = count($this->mapper->findRecentByUid($uid, $now - 60 * 60));
+		if ($lastHour >= 3) {
+			$this->logger->warning("Suspicious login peak detected: $uid received $lastTwoDays alerts in the last hour");


$lastTwoDays seems incorrect

Suggested change

$this->logger->warning("Suspicious login peak detected: $uid received $lastTwoDays alerts in the last hour");

$this->logger->warning("Suspicious login peak detected: $uid received $lastHour alerts in the last hour");

rullzer

Overall looks good but the counting of the notifications is not right I think :P

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

ChristophWurst · 2019-09-11T06:37:23Z

Please have another look.

Removed the comments as they are prone to get out of sync with the code/notification
Changed the comparison to > as opposed to >= as the current alert is included
Reduced to 10 alerts per two days window max

While #152 addressed rate limiting notifications to users, we still have some logging outside of there that isn't covered. * Adjusts log levels (Warning -> a mixture of Debug and Info) of the two main messages that aren't rate limited * Adjusts log levels of the already rate limited messages to Info level (from Warning) to be more consistent with Brute Force Protection log levels This cuts down on the log noise from "Detected a login from a suspicious login..." All logs remain available at the appropriate log levels if desired. Signed-off-by: Josh <josh.t.richards@gmail.com>

ChristophWurst added enhancement New feature or request 3. to review labels Sep 10, 2019

ChristophWurst added this to the next milestone Sep 10, 2019

ChristophWurst requested a review from rullzer September 10, 2019 15:04

ChristophWurst self-assigned this Sep 10, 2019

rullzer reviewed Sep 10, 2019

View reviewed changes

lib/Service/LoginClassifier.php Outdated Show resolved Hide resolved

rullzer reviewed Sep 10, 2019

View reviewed changes

lib/Service/LoginClassifier.php Outdated Show resolved Hide resolved

rullzer reviewed Sep 10, 2019

View reviewed changes

rullzer requested changes Sep 10, 2019

View reviewed changes

Add a simple peak detection

8d3b253

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

ChristophWurst force-pushed the feature/simple-peak-detection branch from a0d7c25 to 8d3b253 Compare September 11, 2019 06:36

ChristophWurst requested a review from rullzer September 11, 2019 06:36

rullzer approved these changes Sep 11, 2019

View reviewed changes

ChristophWurst merged commit a3f08da into master Sep 11, 2019

ChristophWurst deleted the feature/simple-peak-detection branch September 11, 2019 06:48

ChristophWurst modified the milestones: 2.1.0, 2.2.0 Sep 11, 2019

ChristophWurst mentioned this pull request Aug 10, 2020

Everything is flagged as suspicious #303

Closed

joshtrichards mentioned this pull request May 3, 2024

fix(LoginClassifier): Adjust log levels / reduce logging noise #875

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add simple peak detection #152

Add simple peak detection #152

ChristophWurst commented Sep 10, 2019 •

edited

Loading

rullzer Sep 10, 2019

rullzer Sep 11, 2019

rullzer left a comment

ChristophWurst commented Sep 11, 2019

	$this->logger->warning("Suspicious login peak detected: $uid received $lastTwoDays alerts in the last hour");
	$this->logger->warning("Suspicious login peak detected: $uid received $lastHour alerts in the last hour");

Add simple peak detection #152

Add simple peak detection #152

Conversation

ChristophWurst commented Sep 10, 2019 • edited Loading

rullzer Sep 10, 2019

Choose a reason for hiding this comment

rullzer Sep 11, 2019

Choose a reason for hiding this comment

rullzer left a comment

Choose a reason for hiding this comment

ChristophWurst commented Sep 11, 2019

ChristophWurst commented Sep 10, 2019 •

edited

Loading