by Lion Solution

Secure your SuiteCRM. Protection against brute force attacks. Track users' logins and protect your data.

Free 30 day trial
Try it Now

2 - Admin Guide

2.1 Access Monitor

After having installed CRM Defender, you get an Access Monitor link on the Lion Solution CRM Defender panel:

image019.png

At the very first time you look there, you won’t find anything:

image020.png

But i.e. right after one logout and a successful login with the admin user from a client with IP: 95.240.113.138, this is what you will see:

AccessMonitor_1row2.png

Access Monitor List View is provided with 6 columns, most of them are self-explaining: • IP Addresses • Typed Name • Registered Time • Recognized User – this field is filled just in case of Success • Admin User? • Result – Could be: Login Success, Login Failed, Banned

2.1.1 Search

You can do a search or an advanced one, if you want to check your user’s accesses of the failed ones, or the banned IPs.

2.1.2 Delete failed attempts

Basically you can delete every row in the List View just selecting them and hitting “Delete”. In the following example you are going to delete all failed attempts coming from 2 different IP addresses: image022.png In first cases there were a typed name: admin, in the others not even that. No Users have been recognized as the Login results were:” Failed”.

2.2 Ban IP Addresses

Let suppose you entered 3 as the maximum number of failed attempts before lockout as in section 1.2.3, then after 3 failed login attempts from the same IP address on the same day, on a 4th failed attempt that IP address will be banned by CRM Defender. At the 4th failed attempt the request from this IP will be rejected by the .htaccess file so the client will receive a 403 error image023.png

2.2.1 Slow Attacks

The “Slow Attacks” consists in trying a login only a few times every hour. If an attacker tries wrong combinations of username and passwords with the slow attacks technique, CRM Defender is still effective, because it checks failed attempts in a range of one day.

2.2.2 How to remove an IP from the banned list

CRM Defender is very safe and easy to manage. If you want to free a previsiosly banned IP, you just have 1. to access to your CRM istance from a different IP: you can use a mobile connection or a proxy server; there are many of them available on the internet; you can use any proxy server service like https://www.croxyproxy.com/, 2. add the IP to the whitelist Screen Shot 02-11-17 at 03.28 PM 001.PNG 3. and that's all. You can login again from the banned IP after refreshing the page.

Saving Comment Saving Comment...