SuiteCRM - 2 - Admin Guide
2.1 Access Monitor
After having installed CRM Defender, you get an Access Monitor link on the Lion Solution CRM Defender panel: At the very first time you look there, you won’t find anything: But i.e. right after one logout and a successful login with the admin user from a client with IP: 22.214.171.124, this is what you will see: Access Monitor List View is provided with 6 columns, most of them are self-explaining: • IP Addresses • Typed Name • Registered Time • Recognized User – this field is filled just in case of Success • Admin User? • Result – Could be: Login Success, Login Failed, Banned
You can do a search or an advanced one, if you want to check your user’s accesses, the failed ones, or the banned IPs.
2.1.2 Delete failed attempts
Basically you can delete every row in the List View just selecting them and hitting “Delete”. In the following example you are going to delete all failed attempts coming from 2 different IP addresses: In first cases there were a typed name: admin, in the others not even that. No Users have been recognized as the Login results were:” Failed”.
2.2 Ban IP Addresses
Let suppose you entered 3 as the maximum number of failed attempts before lockout as in section 1.2.3, then after 3 failed login attempts from the same IP address on the same day, on a 4th failed attempt that IP address will be banned by CRM Defender. At the 4th failed attempt the request from this IP will be rejected by the .htaccess file so the client will receive a 403 error
2.2.1 Slow Attacks
The “Slow Attacks” consists in trying a login only a few times every hour. If an attacker tries wrong combinations of username and passwords with the slow attacks technique, CRM Defender is still effective, because it checks failed attempts in a range of one day.
2.2.2 How to remove an IP from the banned list
CRM Defender is very safe and easy to manage. If you want to free a previsiosly banned IP, you just have 1. to access to your CRM istance from a different IP: you can use a mobile connection or a proxy server; there are many of them available on the internet; you can use http://nl.smarthide.com for example, 2. add the IP to the whitelist 3. and that's all. You can login again from the banned IP after refreshing the page.