How to prevent/detect bot attack on mattermost login form ?
Hi Jamal,
unfortunately, Mattermost itself does only log the authentication failures in debug mode into the mattermost.log file and if there’s a reverse proxy in front of your Mattermost server, you will only see 127.0.0.1 in the logfiles, which does not work well for tools like fail2ban´, f.ex. I'd recommend to parse the access logs of your reverse proxy (if you have one) and search for requests to the user login form there and create fail2ban` policies on that, then.
Thank you for the comment
As far as preventing bot attack which was continuously filling random email and password as fast as possible to web browser url for our mattermost, is there something to turn on in mattermost to slow or prevent that kind of attack like captcha, multi-factor login or something?
That’s exactly what I meant - you would have to check for the POST requests being sent to the login page and record the IP addresses doing so and block them if they do it more often then normal and that’s something you could achieve with fail2ban parsing the logs of the reverse proxy in front of your Mattermost server.