podcast

Strongbox Notification Emails


The Strongbox security system will send emails to your specified email address(es) when it detects certain types of unusual activity. There are 3 variables in cgi-bin/sblogin/config.pl which affect this behavior. Some webmasters with many busy sites or sites which are the target of many attacks prefer to receive fewer emails, being notified of only the most important information.

@email_addresses

The first sets which email addresses should be notified. On very old installations this variable was called @disabtos. On newer installations it has a better name, @email_addresses. It looks like:

        @email_addresses      = ( 'you@yoursite.com', 'webmistress@yoursite.com' );      

This is a comma separated list of email addresses, all of which will receive identical emails when the Strongbox security system needs to notify you of something. You can have as many email addresses listed as you wish, from none at all to many. Note that the last email address does not have a comma after it.

$notifyof (Status Codes)

If you find that you are receiving more emails than you would like this is one variable you may wish to edit. This is a list of “result codes” that match the result codes shown in the the Strongbox security system reports and the result code which is found in the emails as the last word in the subject line of the email. It looks like this:

       $notifyof             = 'htpffail|opnproxy|attempts|dis_uniq|totllgns|uniqsubs|badchars|uniqcnty';

Some webmasters that get a lot of proxy based dictionary attacks end up receiving a lot of emails about people trying to login via open proxies, status code “opnproxy”, so they choose not be be notified each time this happens, but have the Strongbox security system wait to notify them until it suspends a username of password. To adjust this you can just remove “opnproxy” from the list, so it looks like this:

       $notifyof             = 'htpffail|attempts|dis_uniq|totllgns|uniqsubs|badchars|uniqcnty';

Even if you remove all of the others, you’ll probably want to keep htpffail, which tells you if the Strongbox security system is unable to read the password file (meaning it probably got deleted or moved), and dis_uniq, which tells you when a username is permanently disabled. See the status codes page for a description of all of the possible status codes. For adding new status codes, the “pipe” symbol used to separate these codes is made by holding [shift] while pressing the backslash key just above the [Enter] key.

See the list of status codes.

$max_notices_per_day

Sites which had the Strongbox security system installed after mid 2005 will have a 3rd variable as the next line after $notifyof, called $max_notices_per_day. This tell the Strongbox security systemtm the maximum number of emails it should send in a single day. It looks like:

      $max_notices_per_day  = 25;

You can change the maximum number to any number, from zero to any very large number.