Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO

Email notification for Log in event, Notify on error

0 votes
147 views
asked Oct 5, 2016 in General by AJK (140 points)

Hello,

We are evaluating CompleteFTP and we would like to enable an email notification when a user fails to login only. We have created the Email notification and selected "Log in" from Events and "Notify on error" in Errors.

For the Subject we have the following text: Failed login attempt - %LoginUserName%

Now every time a user tries to log in, whether is authenticates successfully or not, we get an email notification. We get the following text on the email subject:

When the user "abcd" uses the wrong credentials we get an email with subject: Failed login attempt - abcd

When the user "abcd" uses the correct credentials and logs in successfully we still get an email but this time with subject: Failed login attempt - %LoginUserName%

For the authentication methods we are testing Password and Public Keys together,

Our question is, why do we receive an email notification even if the user logs in successfully and why the email sent on successful logins does not include the username and instead it includes the macro.

 

Thank you,

AJK

commented Oct 5, 2016 by support2 (143,750 points)
Thanks, we'll check this out and get back to you.
commented Oct 5, 2016 by support2 (143,750 points)
We've tried replicating this without success. Could you please send us your config file (C:\ProgramData\Enterprise Distributed Technologies\Complete FTP\config.sdf) and we should be able to replicate.  Please send to support at enterprisedt dot com.

1 Answer

0 votes
answered Oct 6, 2016 by support2 (143,750 points)
This is because some SFTP clients send a "fake" login with no username when they login. The SSH protocol means that the reply message (failed login) lists all the authentication methods that are possible, and the client uses that list to decide what authentication method to try next.

I'm not sure if this should be ignored or logged as a login attempt. We'll consider ignoring it the first time, as it's annoying having the login event triggered when it is not really trying to login.
commented Oct 6, 2016 by AJK (140 points)
So this will be included in the next update?
commented Oct 7, 2016 by support2 (143,750 points)
It won't be in 9.1.3 which is due out in the week starting 9 October 2016. But we will discuss the best way to do this for the following release.

The main issue is that it is unclear whether this should be logged as a failed login attempt. Probably the first attempt should be ignored, but subsequent attempts can't be, otherwise it could be used as a DOS attack.
commented Oct 10, 2016 by AJK (140 points)
OK. Thank you.
...