Hi everyone,
I have made a new filter today to secure my CryptPad instance against brute-force attacks. I'm using a fail2ban regex filter to match all failed login attempts.
Add the following lines to /etc/fail2ban/filter.d/cryptpad.conf:
[Definition]
failregex = ^<HOST> [^"]+"GET /block/[^"]+" 404 [^"]+"https://[^/]+/login/"
After that's done, copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local and add the following lines to /etc/fail2ban/jail.local:
[cryptpad]
enabled = true
filter = cryptpad
port = http,https
logpath = /var/log/nginx/access.log
Please check that your logpath is right for your server; by default, it's inside the /var/log/nginx folder.
The regex filter will find all login attempts that don't find any block file (404 error). This means that if someone enters a wrong login and/or password, the hash algorithm will generate the name of a block file which doesn't exist, and the filter will catch it.
If someone logs in successfully, the block is found, so it doesn't generate an error.
I hope this helps people and the CryptPad team to improve their security!
Thanks for reading 😊
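As an added example (not part of the original post, and not fail2ban's or CryptPad's own code), the following Python script runs the post's filter regex over a few constructed nginx "combined" access-log lines and tallies failures per client address the way a jail with maxretry would. The `<HOST>` stand-in is a simplified assumption: fail2ban substitutes its own, more complete named group (covering IPv6 and "::ffff:" prefixes) before compiling the pattern. The addresses, hostnames and /block/ paths in the sample log are made up for the example.

```python
import re
from collections import Counter

# fail2ban replaces <HOST> with its own named group before compiling the
# pattern. This simplified stand-in (an assumption for this example) covers
# IPv4 addresses and hostnames but not everything fail2ban's version does.
HOST = r"(?P<host>[\w\-.]+)"

# The filter regex from the post: a 404 on a /block/ lookup whose referer
# is the login page.
FAILREGEX = r'^<HOST> [^"]+"GET /block/[^"]+" 404 [^"]+"https://[^/]+/login/"'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))

# Constructed nginx "combined" access-log lines (not from a real server):
# three failed logins from one address, one successful login (200), one
# unrelated request, and one /block/ 404 that did not come from /login/.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "GET /block/aa/abcdef0123456789 HTTP/2.0" 404 153 "https://pad.example.org/login/" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:00:05 +0000] "GET /block/bb/fedcba9876543210 HTTP/2.0" 404 153 "https://pad.example.org/login/" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:00:09 +0000] "GET /block/cc/0011223344556677 HTTP/2.0" 404 153 "https://pad.example.org/login/" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:00 +0000] "GET /block/dd/8899aabbccddeeff HTTP/2.0" 200 512 "https://pad.example.org/login/" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /drive/ HTTP/2.0" 200 2048 "https://pad.example.org/login/" "Mozilla/5.0"
192.0.2.99 - - [12/Mar/2024:10:02:00 +0000] "GET /block/ee/ffeeddccbbaa9988 HTTP/2.0" 404 153 "https://pad.example.org/register/" "Mozilla/5.0"
"""


def failed_logins(log_text):
    """Return the client address of every line the filter counts as a failure."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if m:
            hits.append(m.group("host"))
    return hits


def hosts_to_ban(log_text, maxretry=5):
    """Addresses with at least `maxretry` failures (fail2ban's default is 5).

    The findtime window is ignored here: every sample line is treated as
    falling inside a single window.
    """
    counts = Counter(failed_logins(log_text))
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print("MATCH  " if PATTERN.match(line) else "ignore ", line[:70])
    print("would ban with maxretry=3:", hosts_to_ban(SAMPLE_LOG, maxretry=3))
```

Only the three 404 lines with the /login/ referer match; the successful login (status 200) and the /block/ miss coming from another page are ignored. One caveat when deploying the real filter: the regex anchors on the first field of the log line, which is nginx's $remote_addr. If nginx sits behind another reverse proxy or load balancer, that field holds the proxy's address, and the jail would ban the proxy rather than the attacker, so make sure the access log records the real client address before enabling the jail.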