Gargoyle Forum

Hello,

is it possible to see which clients connected to the Webcam?
By syslog or any other method?

With syslog highest level i don`t see it.
Also is there a plugin to see portscan and maybe block it?
Anti Denial of Service tool?

Hi,
is there a plugin or script to use for brute force attacks to defend?

like
https://gist.github.com/deadbok/77118bfd16a77125b195
https://github.com/robzr/dropBrute
https://github.com/robzr/sub2rbl

As they are 4 years old, i am not sure if they the best to try.
Any other suggestions would be helpful

All of those look ok.
However it would be easier to just not expose SSH to WAN.
Gargoyle also has an SSH rate limiting feature. It just doesn't do the banning part.

The Gargoyle webcam? I would not expect so no. You could modify the code to log it.
You seem incredibly worried about your network. Have you tried the simple things like setting a strong password and not exposing services to WAN?

Remote connect or ssh is not active but some port forwards to 2 cams.
But i can no see the access log somewhere or?
Also if several wrong passwords are used to block it for a time of 2 minutes somehow?

i need the cam to be possible to connect by a cam app
How do i add the cam log in the code?

Those scripts are only designed to block brute force SSH, not logins to your camera's.
The logs are in the rotating systemlog, "logread".

The scripts you linked are all configurable to ban for a certain amount of time.

Can you post some proper details about what you're trying to achieve?
What webcams? How is Gargoyle involved (are they plugged into your router and you're using the Gargoyle webcam plugin), or are you using something else?

I'm also merging your two threads because you're trying to achieve the same thing.

I want to log the wrong password logins of the plugin cam inside gargoyle.
The second on my opinion is different i want to see who tried to login wifi/router and also to fall into a break for new login to the router (5 minutes wait).
And in the end send for both an email with the wrong password try of my choice.

For the webcam plugin, you would need to put some kind of proxy in front of it and log everything, or recompile gargoyle-mjpg-streamer to log the username/password to a file or something. An appropriate spot to do that would be somewhere around here:
https://github.com/jacksonliam/mjpg-str ... pd.c#L1293

The same thing would need to be done to dropbear for logging SSH incorrect passwords.

Note. Logging incorrect passwords is a pretty bad idea! Like really bad. What if i accidentally typed my banking password into your webcam page because i forgot what i was looking at? Or i use the same password for everything and now you have it? Just don't do it.


You already have your answer for slowing down brute force SSH attempts.