BPS Pro Alert: A New Security Log Entry Has Been Logged

[young]

I am getting emails about once an hour with the following content:
A New Security Log Entry Has Been Logged in your Security Log File.
Site: http://
To view the Security Log go to the BPS Security Log page.

I want to get email alerts for security events, but is there a way to control how often they are sent? If not, what do I change so that email alerts are sent for login events but not other events?

[AITpro Admin]

I recommend that you choose: Do Not Send Email Alerts for option:  Security Log: New Log Entry Has Been Logged on the BPS Pro S-Monitor page. Security Log email alerts are sent once per hour.  A typical website would receive 24 emails per day every day so this option setting is just for troubleshooting, otherwise you are just spamming yourself.  I also recommend that you turn off option: Security Log: New Log Entry Has Been Logged Alerts on the S-Monitor page for the same reasons and should also only be used for temporary troubleshooting.

The Login Security: Send Email Alerts When… option is on the S-Monitor page with all other email and dashboard alerts option settings and is set independently like all other email and alert option settings.

[young]

Thanks.

It would be cool to get a summary (just highlights and activity type counts) once a day in an email.  Add that to your enhancement list.

[AITpro Admin]

Hmm yeah not sure how that would be beneficial.  The Security Log should be used for troubleshooting when necessary otherwise you should not bother looking at it.  It would be a full-time job to check our Security Logs regularly so we do not bother looking at them regularly.  Monitoring your Security Log all day long or even frequently or regularly would be like monitoring your Apache Server log file.  Usually you only check log files when there is some kind of issue or problem that you need to troubleshoot.

[young]

Ok, maybe not a just a daily summary.  How about critical event or increased event from a particular source.

The issue is that I am just now realizing how bad cyber attacks are.  My sites and the content have no real value to an attacker or whoever they are passing the info too.   I am very interested if the attacks are successfully being thwarted and if they are moving to a more complex attack.

If my websites are also honeypots, I want to gain some intelligence from it.  Maybe what I am looking for is a different plugin that provides attacker country, attack pattern, attack characteristics, etc.  What I really want is a plugin that can attack the attacker.

[AITpro Admin]

“What I really want is a plugin that can attack the attacker”

Yep we played around with that years ago. The problem with doing something like that are these factors:
hackers hack victim sites and use those victim sites to hack other sites.
hackers primarily use bots and the delivery system origin can be located anywhere and not necessarily a hacker’s actual personal site or they just use known bad/infested hosts that do not provide any oversight and allow hackers and spammers to do whatever they want to do.
It is very rare when a hacker will give away his actual location and most of the logged info would be spoofed or bounced or what is very common these days is to use Mobile Devices as hackerbot/spambot delivery systems.
Google or other search engines or Hosts may not appreciate you attacking any other sites no matter what the reason and you could get in trouble for doing that.

Oh and 1 more thing to add to the list:  Chinese spammers have millions of ip addresses that they use.  Trying to do anything by blocking ip addresses individually would be foolish and costly both for you and for your website and server.  It is better to block by bad action instead of trying to block things individually.  The point – millions of spambot/hackerbot attacks are blocked by just a few lines of code vs wasting a lot of time and using 1,000’s of lines of code and crippling your website and server performance.

Long story short we played around with something we created years ago nicknamed “Boomerang” (no it is not available in any shape or form to the public) and found that it was fun to experiment with, but not really anything that could be used practically/safely/publicly by the average person. You are not going to get much “intel” from log entries that you can do anything with besides just document known bad ip addresses, bad hosts, etc.  Everything that most hackers and spammers display publicly or that is logged cannot cause a negative impact for that hacker or spammer in any way.  So basically the best approach is to simply just block/forbid bad actions by hackers and spammers and go about your normal business.

[young]

Roger all that.  Thanks.

[Mark]

[Topic has been merged into this relevant Topic]
I have the typical security  message showing up: “Security Log Alert A New Security Log Entry Has Been Logged. Click Here to go to your Security Log.” However, when I go to reset the log by hitting the “Reset Last Modified Time in DB” it seems to work fine by displaying the”settings saved” but then the security message never goes away? Any suggestions on how to fix this problem?

[AITpro Admin]

@ Mark – Most likely what is happening is that the Reset is working, but your site is probably being Brute Force attacked and new Security Log entries are being created so it appears that the Reset is not working.  Our sites sometimes get attacked at rates of 100 Brute Force login attacks per second.  So basically that means that even resetting the last Security Log alert would not make the Security Log alert go away because new Alerts would be displayed.  We turn Off Security Log Alerts on all of our sites and I recommend that you do that as well.  To turn Off Security Log Alerts go to the S-Monitor page > Security Log: New Log Entry Has Been Logged Alerts > Turn Off Displayed Alerts.

[Author]

Posts