Are Web UI password errors logged?

General support for problems installing or using Deluge
Post Reply
ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am

Are Web UI password errors logged?

Post by ricksebak »

If someone uses the wrong password when attempting to use the web UI, is that logged anywhere? I tried all available log levels when starting deluge-web, then put in the wrong password at the web UI, but didn't see it in the logs.

In case it matters, the reason I'm asking is because I'd like to integrate it into fail2ban ( http://www.fail2ban.org/wiki/index.php/Main_Page )
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: Are Web UI password errors logged?

Post by Cas »

No not currently but it is quite trivial to add to webui by adding the following line just before the last line of auth.py

Code: Select all

log.error('Login failed (ClientIP %s)', __request__.getClientIP())
This is how it should look:

Code: Select all

         if self.check_password(password):
             return self._create_session(__request__)
         else:
             log.error('Login failed (ClientIP %s)', __request__.getClientIP())
             return False
and the resulting log message:

Code: Select all

[ERROR   ] 11:59:30 auth:325 Login failed (ClientIP 127.0.0.1)
ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am

Re: Are Web UI password errors logged?

Post by ricksebak »

Thanks, the log entry that you posted is exactly what I want. But I wasn't able to get it to output that entry. Here's what I have:

Code: Select all

$ tail -5 /usr/share/pyshared/deluge/ui/web/auth.py
        if self.check_password(password):
            return self._create_session(__request__)
        else:
            log.error('Login failed (ClientIP %s)', __request__.getClientIP())
            return False

$ grep DAEMON2_ARGS= /etc/init.d/deluge-daemon
DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"

$ /etc/init.d/deluge-daemon restart
 * Restarting Deluge Daemon deluged                                            [ OK ]
Then I try to log in to the webui with the wrong password, which it rejects, but /var/log/deluge/web/error.log is still empty. Do you know what I'm missing?
Cas
Top Bloke
Top Bloke
Posts: 3679
Joined: Mon Dec 07, 2009 6:04 am
Location: Scotland

Re: Are Web UI password errors logged?

Post by Cas »

You need to be logging deluge-web not deluged.
ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am

Re: Are Web UI password errors logged?

Post by ricksebak »

As it turned out, I had everything set up correctly, but deluge-web hadn't restarted. I thought the init script would've done that, but it didn't. After I killed off deluge-web and started it up again it started logging the way I want. Thanks!
ricksebak
Member
Member
Posts: 12
Joined: Wed Jan 02, 2013 2:11 am

Re: Are Web UI password errors logged?

Post by ricksebak »

In case anyone sees this from google or anyone else wants to get fail2ban to work with deluge-web, here's what I ended up doing:

I'm running Ubuntu 12.04, with deluge installed from apt-get, so the locations of files may vary if you are using something else, I guess.

I set line 325 of /usr/share/pyshared/deluge/ui/web/auth.py to basicly what Cas said above:

Code: Select all

            log.error('Login failed from %s', __request__.getClientIP())
I modified the startup script so that it would log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon):

Code: Select all

DAEMON2_ARGS="-L error -l /var/log/deluge/web/error.log"
Then install fail2ban.

fail2ban wouldn't work without having the timestamp at the beginning of the line, so I changed the log format of deluge so that it would do that. Line 62 of /usr/share/pyshared/deluge/log.py:

Code: Select all

        format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",
If Cas or anyone else has a reason why I shouldn't have changed that, please let me know.

Then restart deluge-web, as I failed to do initially, and deluge-web should be logging in a way that fail2ban can work with. Then I created this filter file for fail2ban (/etc/fail2ban/filter.d/deluge-web.conf):

Code: Select all

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = deluge-web

failregex = .*ERROR.* Login failed from <HOST>
And added this to the end of /etc/fail2ban/jail.conf:

Code: Select all

[deluge-web]

enabled  = true
port     = 8112
filter   = deluge-web
action   = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath  = /var/log/deluge/web/error.log
maxretry = 5
Then reload fail2ban:

Code: Select all

sudo fail2ban-client reload
And that worked. After 5 failed logins at the WebUI the offending IP will be firewalled. Since I have port forwarding set so that the WebUI is accessible from the internet, this should prevent brute force login attempts.
EdoubleDee
New User
New User
Posts: 2
Joined: Tue Mar 21, 2017 11:17 pm

Re: Are Web UI password errors logged?

Post by EdoubleDee »

The above is a bit outdated. I tried to get it to work but I get a fail2ban error. (ERROR Unable to contact server. Is it running?) Can anyone help me resolve this?
I did the following on Raspbian Jessie:

Code: Select all

PORT_DELUGE=8112
DELUGE_USER=pi
apt-get install deluged deluge-console deluge deluge-web fail2ban

# Run on Startup: https://www.howtogeek.com/142044/how-to-turn-a-raspberry-pi-into-an-always-on-bittorrent-box/
wget -O /etc/default/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151a8c86fb85.txt
sed -i "s/DELUGED_USER=\"pi\"/DELUGED_USER=\"${DELUGE_USER}\"/" /etc/default/deluge-daemon
chmod 755 /etc/default/deluge-daemon
wget -O /etc/init.d/deluge-daemon https://www.howtogeek.com/wp-content/uploads/gg/up/sshot5151aa042ad11.txt
chmod 755 /etc/init.d/deluge-daemon
update-rc.d deluge-daemon defaults

DELUGE_INSTALL_LOCATION=/usr/lib/python2.7/dist-packages/deluge
DELUGE_ERROR_LOG_LOCATION=/var/log/deluge/web/error.log
    
#nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py
DELUGE_LOG_ERROR_MESSAGE=$(grep log.error $DELUGE_INSTALL_LOCATION/ui/web/auth.py | cut -d"'" -f2)
    
# modify the startup script so that it will log errors in deluge-web (line 24 of /etc/init.d/deluge-daemon)
sed -i "/DAEMON2_ARGS=/c\DAEMON2_ARGS=\"-L error -l $DELUGE_ERROR_LOG_LOCATION\"" /etc/init.d/deluge-daemon
service deluge-daemon start

# Create the Deluge-filter for fail2ban
#nano /etc/fail2ban/filter.d/deluge-web.conf
cat > /etc/fail2ban/filter.d/deluge-web.conf <<EOF
[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = deluge-daemon

failregex = .*ERROR.* Login failed from ${DELUGE_LOG_ERROR_MESSAGE/\%s/<HOST>}
ignoreregex =
EOF
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak
#nano /etc/fail2ban/jail.conf
cat >> /etc/fail2ban/jail.conf <<EOF

[deluge-web]
enabled  = true
port     = $PORT_DELUGE
filter   = deluge-web
action   = iptables[name=deluge-web, port=$PORT_DELUGE, protocol=tcp]
logpath  = $DELUGE_ERROR_LOG_LOCATION
maxretry = 5
EOF
service fail2ban restart
fail2ban-client status deluge-web
Does anyone know what is wrong with the fail2ban config?
EdoubleDee
New User
New User
Posts: 2
Joined: Tue Mar 21, 2017 11:17 pm

Re: Are Web UI password errors logged?

Post by EdoubleDee »

I also tried to find an error message for the daemon but the error does not include the host:

Code: Select all

[INFO    ] 14:15:09 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64503
[ERROR   ] 14:15:09 rpcserver:266 Username does not exist
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
    ret = component.get("AuthManager").authorize(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 87, in authorize
    raise BadLoginError("Username does not exist")
BadLoginError: Username does not exist
[INFO    ] 14:15:09 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$
[INFO    ] 14:16:03 rpcserver:204 Deluge Client connection made from: 192.168.1.2:64788
[ERROR   ] 14:16:03 rpcserver:266 Password does not match
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/core/rpcserver.py", line 260, in dispatch
    ret = component.get("AuthManager").authorize(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/deluge/core/authmanager.py", line 93, in authorize
    raise BadLoginError("Password does not match")
BadLoginError: Password does not match
[INFO    ] 14:16:03 rpcserver:224 Deluge client disconnected: Connection to the other side was lost$

ovidiu.birgu

Re: Are Web UI password errors logged?

Post by ovidiu.birgu »

I was having problems with the solution above, so I made an updated version (operating system: ubuntu 16.04.02 with systemd) .
more information can be found here:
http://dev.deluge-torrent.org/wiki/User ... ce/systemd

install deluge web ui

Code: Select all

sudo apt-get install deluged deluge-web
create Deluge Daemon (deluged) Service

Code: Select all

nano /etc/systemd/system/deluged.service
content

Code: Select all

[Unit]
Description=Deluge Bittorrent Client Daemon
After=network-online.target

[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=007

ExecStart=/usr/bin/deluged -d

Restart=on-failure

# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300

[Install]
WantedBy=multi-user.target
Now enable it to start up on boot, start the service and verify it is running

Code: Select all

systemctl enable /etc/systemd/system/deluged.service
systemctl start deluged
systemctl status deluged
create Deluge Web UI (deluge-web) Service

Code: Select all

nano /etc/systemd/system/deluge-web.service
content

Code: Select all

[Unit]
Description=Deluge Bittorrent Client Web Interface
After=network-online.target

[Service]
Type=simple
User=ubuntu
Group=ubuntu
UMask=027

ExecStart=/usr/bin/deluge-web -l /var/log/deluge/web/error.log -L error

Restart=on-failure

[Install]
WantedBy=multi-user.target
Now enable it to start up on boot, start the service and verify it is running

Code: Select all

systemctl enable /etc/systemd/system/deluge-web.service
systemctl start deluge-web
systemctl status deluge-web
modify deluge so that it logs errors

Code: Select all

nano /usr/lib/python2.7/dist-packages/deluge/ui/web/auth.py
content

Code: Select all

    @export(AUTH_LEVEL_NONE)
    def login(self, password):
        """
        Test a password to see if it's valid.

        :param password: the password to test
        :type password: string
        :returns: a session id or False
        :rtype: string or False
        """
        if self.check_password(password):
            log.info('Login success (ClientIP %s)', __request__.getClientIP())
            return self._create_session(__request__)
        else:
            log.error('Login failed (ClientIP %s)', __request__.getClientIP())
            return False
change format of error log entries so that time appears first

Code: Select all

nano /usr/lib/python2.7/dist-packages/deluge/log.py
content

Code: Select all

def setupLogger(level="error", filename=None, filemode="w"):
    """
    Sets up the basic logger and if `:param:filename` is set, then it will log
    to that file instead of stdout.

    :param level: str, the level to log
    :param filename: str, the file to log to
    """

    if not level or level not in levels:
        level = "error"

    logging.basicConfig(
        level=levels[level],
        format="%(asctime)s %(levelname)-8s %(module)s:%(lineno)d %(message)s",
        datefmt="%H:%M:%S",
        filename=filename,
        filemode=filemode
    )
test that logging works

Code: Select all

cat /var/log/deluge/web/error.log
sample output

Code: Select all

21:47:53 ERROR    auth:330 Login failed (ClientIP 192.168.1.15)
install fail2ban

Code: Select all

sudo apt-get install fail2ban
create new fail2ban jail in jails section

Code: Select all

nano /etc/fail2ban/jail.local
content

Code: Select all

[deluge-web]
enabled  = true
port     = 8112
filter   = deluge-web
action   = iptables[name=deluge-web, port=8112, protocol=tcp]
logpath  = /var/log/deluge/web/error.log
maxretry = 2
create filter configuration for deluge jail

Code: Select all

nano /etc/fail2ban/filter.d/deluge-web.conf 
content

Code: Select all

[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]
_daemon = deluge-web
failregex = .*ERROR.* Login failed .*ClientIP <HOST>.*
restart fail2ban

Code: Select all

sudo service fail2ban stop
sudo service fail2ban start
check if it works

Code: Select all

cat /var/log/fail2ban.log
sudo fail2ban-client status deluge-web
armagedon
New User
New User
Posts: 1
Joined: Sun Mar 22, 2020 12:51 pm

Re: Are Web UI password errors logged?

Post by armagedon »

hello,

thank you for all this informations.
I'm using nginx as front proxy. this makes me unable to get the real ip.
I've made a ticket : https://dev.deluge-torrent.org/ticket/3363
but any help will be appreciate.
Post Reply