{ "info": { "author": "GRAP, Tecnativa, Odoo Community Association (OCA)", "author_email": "support@odoo-community.org", "bugtrack_url": null, "classifiers": [ "Framework :: Odoo", "License :: OSI Approved :: GNU Affero General Public License v3", "Programming Language :: Python" ], "description": ".. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg\n :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html\n :alt: License: AGPL-3\n\n===============================================================\nTracks Authentication Attempts and Prevents Brute-force Attacks\n===============================================================\n\nThis module registers each request done by users trying to authenticate into\nOdoo. If the authentication fails, a counter is increased for the given remote\nIP. After a defined number of attempts, Odoo will ban the remote IP and\nignore new requests.\nThis module applies security through obscurity\n(https://en.wikipedia.org/wiki/Security_through_obscurity),\nWhen a user is banned, the request is now considered as an attack. So, the UI\nwill **not** indicate to the user that his IP is banned and the regular message\n'Wrong login/password' is displayed.\n\nThis module realizes a call to a web API (http://ip-api.com) to try to have\nextra information about remote IP.\n\nConfiguration\n=============\n\nYou can use these configuration parameters that control this addon behavior:\n\n* ``auth_brute_force.whitelist_remotes`` is a comma-separated list of\n whitelisted IPs. Failures from these remotes are ignored.\n\n* ``auth_brute_force.max_by_ip`` defaults to 50, and indicates the maximum\n successive failures allowed for an IP. After hitting the limit, the IP gets\n banned.\n\n* ``auth_brute_force.max_by_ip_user`` defaults to 10, and indicates the\n maximum successive failures allowed for any IP and user combination.\n After hitting the limit, that user and IP combination is banned.\n\nUsage\n=====\n\nAdmin user have the possibility to unblock a banned IP.\n\nLogging\n-------\n\nThis module generates some WARNING logs, in the following cases:\n\n* When the IP limit is reached: *Authentication failed from remote 'x.x.x.x'.\n The remote has been banned. Login tried: xxxx.*\n\n* When the IP+user combination limit is reached:\n *Authentication failed from remote 'x.x.x.x'.\n The remote and login combination has been banned. Login tried: xxxx.*\n\nScreenshot\n----------\n\n**List of Attempts**\n\n.. image:: /auth_brute_force/static/description/screenshot_attempts_list.png\n\n\n.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas\n :alt: Try me on Runbot\n :target: https://runbot.odoo-community.org/runbot/149/9.0\n\nFor further information, please visit:\n\n* https://www.odoo.com/forum/help-1\n\nKnown issues / Roadmap\n======================\n\n* Remove \ud83d\udc12 patch for https://github.com/odoo/odoo/issues/24183 in v12.\n\n* Depending of server and / or user network configuration, the idenfication\n of the user can be wrong, and mainly in the following cases:\n\n * If the Odoo server is behind an Apache / NGinx proxy and it is not properly\n configured, all requests will use the same IP address. Blocking such IP\n could render Odoo unusable for all users! **Make sure your logs output the\n correct IP for werkzeug traffic before installing this addon.**\n\n* The IP metadata retrieval should use a better system. `See details here\n `_.\n\nBug Tracker\n===========\n\nBugs are tracked on `GitHub Issues\n`_. In case of trouble, please\ncheck there if your issue has already been reported. If you spotted it first,\nhelp us smash it by providing detailed and welcomed feedback.\n\nCredits\n=======\n\nContributors\n------------\n\n* Sylvain LE GAL (https://twitter.com/legalsylvain)\n* David Vidal \n* Jairo Llopis \n\nMaintainer\n----------\n\n.. image:: https://odoo-community.org/logo.png\n :alt: Odoo Community Association\n :target: https://odoo-community.org\n\nThis module is maintained by the OCA.\n\nOCA, or the Odoo Community Association, is a nonprofit organization whose\nmission is to support the collaborative development of Odoo features and\npromote its widespread use.\n\nTo contribute to this module, please visit https://odoo-community.org.\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/OCA/server-tools", "keywords": "", "license": "AGPL-3", "maintainer": "", "maintainer_email": "", "name": "odoo9-addon-auth-brute-force", "package_url": "https://pypi.org/project/odoo9-addon-auth-brute-force/", "platform": "", "project_url": "https://pypi.org/project/odoo9-addon-auth-brute-force/", "project_urls": { "Homepage": "https://github.com/OCA/server-tools" }, "release_url": "https://pypi.org/project/odoo9-addon-auth-brute-force/9.0.1.1.0/", "requires_dist": [ "odoo (<9.1a,>=9.0a)" ], "requires_python": "~=2.7", "summary": "Track Authentication Attempts and Prevent Brute-force Attacks", "version": "9.0.1.1.0" }, "last_serial": 4028776, "releases": { "9.0.1.0.0": [ { "comment_text": "", "digests": { "md5": "f51ef2544b8b63c4ea4716c0828af01a", "sha256": "309d3bfbdfeb0ad7734606c2e8bc9c5be0088ab8997e72976ce0b2880453055b" }, "downloads": -1, "filename": "odoo9_addon_auth_brute_force-9.0.1.0.0-py2-none-any.whl", "has_sig": false, "md5_digest": "f51ef2544b8b63c4ea4716c0828af01a", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": "~=2.7", "size": 142162, "upload_time": "2018-05-25T04:40:23", "url": "https://files.pythonhosted.org/packages/5a/7d/2e378547680be30d3e0603d5948151a3677ba70396a6c3c0dbb3dfa23ef1/odoo9_addon_auth_brute_force-9.0.1.0.0-py2-none-any.whl" } ], "9.0.1.1.0": [ { "comment_text": "", "digests": { "md5": "ae6800dff43adc8135993b08a3b346cd", "sha256": "50fbd8bb3585d8636d3c70198f8c7337b7399d9be86f9962005b331fbc9cb0a3" }, "downloads": -1, "filename": "odoo9_addon_auth_brute_force-9.0.1.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "ae6800dff43adc8135993b08a3b346cd", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": "~=2.7", "size": 142133, "upload_time": "2018-05-27T04:41:42", "url": "https://files.pythonhosted.org/packages/33/3f/c569f5a3d1289bb77edd3013ca6a03a7060abdb4930ee21769b44fa45028/odoo9_addon_auth_brute_force-9.0.1.1.0-py2-none-any.whl" } ], "9.0.1.1.0.99.dev1": [ { "comment_text": "", "digests": { "md5": "96e058539ddf2f52f5ac67d994c93336", "sha256": "2c5449b4dd956bd16a0ca276e1f48c1d5fc1c462c653d52ee7b5ab2290eef968" }, "downloads": -1, "filename": "odoo9_addon_auth_brute_force-9.0.1.1.0.99.dev1-py2-none-any.whl", "has_sig": false, "md5_digest": "96e058539ddf2f52f5ac67d994c93336", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": "~=2.7", "size": 137504, "upload_time": "2018-06-25T04:48:55", "url": "https://files.pythonhosted.org/packages/f2/39/5644dc4f0b43d2489cdbaa8dfee5a92d77017181f89575b47a84ed5ddacb/odoo9_addon_auth_brute_force-9.0.1.1.0.99.dev1-py2-none-any.whl" } ], "9.0.1.1.0.99.dev2": [ { "comment_text": "", "digests": { "md5": "d2a20724331316eb360d6bbc1e0e4467", "sha256": "90996bb8bb7cdc7901bacd1ba4e4c4e0d4494d202f19d01a7f3b05a7b6176ab6" }, "downloads": -1, "filename": "odoo9_addon_auth_brute_force-9.0.1.1.0.99.dev2-py2-none-any.whl", "has_sig": false, "md5_digest": "d2a20724331316eb360d6bbc1e0e4467", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": "~=2.7", "size": 137709, "upload_time": "2018-07-04T04:42:49", "url": "https://files.pythonhosted.org/packages/88/40/c903c178bac7ea5e8b1606d8e93ab7c346a5e8cb6516958f5f473c9f7b25/odoo9_addon_auth_brute_force-9.0.1.1.0.99.dev2-py2-none-any.whl" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "ae6800dff43adc8135993b08a3b346cd", "sha256": "50fbd8bb3585d8636d3c70198f8c7337b7399d9be86f9962005b331fbc9cb0a3" }, "downloads": -1, "filename": "odoo9_addon_auth_brute_force-9.0.1.1.0-py2-none-any.whl", "has_sig": false, "md5_digest": "ae6800dff43adc8135993b08a3b346cd", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": "~=2.7", "size": 142133, "upload_time": "2018-05-27T04:41:42", "url": "https://files.pythonhosted.org/packages/33/3f/c569f5a3d1289bb77edd3013ca6a03a7060abdb4930ee21769b44fa45028/odoo9_addon_auth_brute_force-9.0.1.1.0-py2-none-any.whl" } ] }