  1. Core Server
  2. SERVER-16452

Failed login attempts should log source IP address

    • Fully Compatible
    • Security [00-02-20-15]

      MongoDB does not log failed login attempts.

      For installations which need to be open to the public internet (for example because you have mobile clients), this makes it basically impossible to implement some sort of brute force prevention, like fail2ban. Fail2Ban scans log files for failed login attempts and uses various mechanisms like iptables or libwrap (not applicable to MongoDB) to lock IP addresses out after a certain amount of failed login attempts.

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            markus.mahlberg@icloud.com Markus Mahlberg
            Votes:
            0
            Watchers:
            12
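The log-scanning approach the report describes, sketched as an added example that is not part of the original issue or of MongoDB's code: it counts failed logins per source IP inside a time window, the way fail2ban's `maxretry` and `findtime` settings do, and shows that a failure logged without a client address cannot be acted on. The log line format, the sample lines and the function name `find_bans` are constructed for illustration and are not MongoDB's real log output.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (assumption, not real
# MongoDB output). The third line is a failure logged without a client address.
SAMPLE_LOG = """\
2015-01-10T12:00:01 auth failed user=admin db=admin client=203.0.113.7:51234
2015-01-10T12:00:03 auth failed user=admin db=admin client=203.0.113.7:51240
2015-01-10T12:00:04 auth failed user=app db=shop
2015-01-10T12:00:05 auth ok user=app db=shop client=198.51.100.20:40110
2015-01-10T12:00:06 auth failed user=root db=admin client=203.0.113.7:51251
2015-01-10T12:09:00 auth failed user=app db=shop client=198.51.100.20:40155
2015-01-10T12:30:00 auth failed user=app db=shop client=198.51.100.20:40190
"""

FAILED = re.compile(r"^(\S+) auth failed\b")
CLIENT = re.compile(r"\bclient=(\d{1,3}(?:\.\d{1,3}){3}):\d+")

def find_bans(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return (IPs reaching max_retry failures within find_time, failures with no IP)."""
    recent = defaultdict(deque)      # ip -> timestamps of failures still in the window
    banned, unattributed = [], 0
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                 # successful logins and unrelated lines
        c = CLIENT.search(line)
        if not c:
            unattributed += 1        # no source IP in the line: nothing to lock out
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), c.group(1)
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()         # drop failures older than the window
        if len(window) >= max_retry and ip not in banned:
            banned.append(ip)        # a real deployment would add a firewall rule here
    return banned, unattributed

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```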