Secure your SugarCRM or SuiteCRM system. Protection against brute-force attacks. Track users' logins and protect your data. Detect and defend your CRM system from threats coming from hostile IPs.
SuiteCRM - 2 - Admin Guide
2.1 Access Monitor
After installing CRM Defender, an Access Monitor link appears on the Lion Solution CRM Defender panel.
The first time you open it, the list is empty.
But, for example, right after a logout and a successful login as the admin user from a client with IP 22.214.171.124, this is what you will see:
The Access Monitor List View has 6 columns, most of them self-explanatory:
• IP Addresses
• Typed Name
• Registered Time
• Recognized User – filled only when the result is Login Success
• Admin User?
• Result – one of: Login Success, Login Failed, Banned
You can run a basic or an advanced search to check your users' accesses, the failed attempts, or the banned IPs.
2.1.2 Delete failed attempts
You can delete any row in the List View by selecting it and clicking “Delete”.
In the following example you delete all failed attempts coming from 2 different IP addresses:
In the first cases the typed name was admin; in the others not even a name was entered.
No user was recognized, since the login result was “Failed” in every case.
2.2 Ban IP Addresses
Suppose you entered 3 as the maximum number of failed attempts before lockout, as in section 1.2.3. After 3 failed login attempts from the same IP address on the same day, the 4th failed attempt from that IP causes CRM Defender to ban it.
From that 4th failed attempt onward, requests from the banned IP are rejected by the .htaccess file, so the client receives an HTTP 403 error. Note that this relies on the CRM being served by Apache with .htaccess overrides enabled (AllowOverride); a web server that does not read .htaccess files will ignore the rule.
2.2.1 Slow Attacks
A “slow attack” consists in trying a login only a few times every hour, so as to stay under any per-minute or per-hour limit.
If an attacker tries wrong username and password combinations with the slow-attack technique, CRM Defender is still effective, because it counts failed attempts over a range of one day rather than per hour: a few guesses an hour still cross the limit within the day, and the IP is banned.
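The following is an added example, not CRM Defender's own code, that replays constructed Access Monitor rows through the per-IP, per-day counter described in sections 2.2 and 2.2.1 and renders the kind of Apache deny rule the page says .htaccess applies to a banned client. Assumptions not stated on the page: rows are modelled as (Registered Time, IP Address, Result) tuples, the window is the calendar day of the attempt (the page does not say whether CRM Defender uses a calendar day or a rolling 24 hours), and the deny rule uses Apache 2.4 `Require` syntax.

```python
"""Added example (not CRM Defender's own code): simulate the per-IP, per-day
failed-login counter of sections 2.2 and 2.2.1 and render an Apache deny rule.

Assumptions (not on the page): rows are (timestamp, ip, result) tuples, the
counting window is the calendar day of the attempt, and the deny rule is
written in Apache 2.4 'Require' syntax.
"""
from collections import defaultdict
from datetime import datetime

MAX_FAILED_ATTEMPTS = 3  # the value entered in section 1.2.3 in the page's example

# Constructed sample of Access Monitor rows: (Registered Time, IP Address, Result)
SAMPLE_ROWS = [
    ("2024-03-01 09:00:00", "203.0.113.7", "Login Failed"),
    ("2024-03-01 09:00:05", "203.0.113.7", "Login Failed"),
    ("2024-03-01 09:00:09", "203.0.113.7", "Login Failed"),
    ("2024-03-01 09:00:14", "203.0.113.7", "Login Failed"),   # 4th failure -> banned
    ("2024-03-01 09:30:00", "22.214.171.124", "Login Success"),
    # "slow attack": a guess every few hours from a second client
    ("2024-03-02 01:10:00", "198.51.100.9", "Login Failed"),
    ("2024-03-02 04:45:00", "198.51.100.9", "Login Failed"),
    ("2024-03-02 11:20:00", "198.51.100.9", "Login Failed"),
    ("2024-03-02 19:05:00", "198.51.100.9", "Login Failed"),  # still 4 in one day -> banned
    # a third client spreads 4 guesses across midnight and stays under the limit
    ("2024-03-03 23:50:00", "192.0.2.33", "Login Failed"),
    ("2024-03-03 23:55:00", "192.0.2.33", "Login Failed"),
    ("2024-03-04 00:05:00", "192.0.2.33", "Login Failed"),
    ("2024-03-04 00:10:00", "192.0.2.33", "Login Failed"),
]


def evaluate(rows, max_failed=MAX_FAILED_ATTEMPTS):
    """Replay rows in time order. Returns (results, banned): results is the row
    list with 'Login Failed' rewritten to 'Banned' once an IP's failures on that
    day exceed max_failed, and banned is the set of IPs that were banned."""
    failures = defaultdict(int)      # (ip, day) -> failed attempts seen so far
    banned = set()
    results = []
    for ts, ip, result in sorted(rows):
        day = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").date()
        if ip in banned:
            # .htaccess already rejects this client (403); the login form is never reached
            results.append((ts, ip, "Banned"))
            continue
        if result == "Login Failed":
            failures[(ip, day)] += 1
            if failures[(ip, day)] > max_failed:
                banned.add(ip)
                results.append((ts, ip, "Banned"))
                continue
        results.append((ts, ip, result))
    return results, banned


def htaccess_deny_block(banned, whitelist=()):
    """Render an Apache 2.4 'Require' block that denies the banned IPs.
    IPs on the whitelist (section 2.2.2) are left out, which is how a ban is
    lifted in this model. Assumption: Apache 2.4 syntax; on Apache 2.2 the
    equivalent is 'Order allow,deny' / 'Deny from <ip>' / 'Allow from all'."""
    lines = ["<RequireAll>", "    Require all granted"]
    for ip in sorted(set(banned) - set(whitelist)):
        lines.append(f"    Require not ip {ip}")
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    results, banned = evaluate(SAMPLE_ROWS)
    for row in results:
        print(*row, sep="  ")
    print(htaccess_deny_block(banned))
```

The third client in the sample shows the limit of a calendar-day window: four guesses that straddle midnight never exceed the threshold on either day, so an attacker aware of the boundary can double its budget; a rolling 24-hour window would close that gap.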
2.2.2 How to remove an IP from the banned list
CRM Defender is very safe and easy to manage. If you want to free a previously banned IP, you just have to:
1. access your CRM instance from a different IP: you can use a mobile connection or a proxy server; there are many of them available on the internet, for example http://nl.smarthide.com. Bear in mind that a third-party proxy sees all the traffic you send through it, including your admin credentials if the CRM is served over plain HTTP, so a mobile connection or a VPN you control is the safer choice;
2. add the IP to the whitelist;
3. and that's all. You can log in again from the banned IP after refreshing the page.