Real-time monitoring and threat analysis system // ACCESS LEVEL: DEVELOPER ONLY
| CLIENT_ID | REASON | BANNED_AT | EXPIRES_AT | ACTIONS |
|---|---|---|---|---|
| TIMESTAMP | EVENT_TYPE | CLIENT_ID | IP_ADDRESS | DETAILS |
|---|---|---|---|---|
| NAME | SIZE | CREATED | AGE_DAYS |
|---|---|---|---|
| BACKUP_FOLDER | FILES | TOTAL_SIZE | CREATED | AGE_DAYS | MANIFEST | ACTIONS |
|---|---|---|---|---|---|---|
> Test and monitor comprehensive protection mechanisms
Monitor all active user sessions across devices and locations. Detect multiple simultaneous logins and suspicious access patterns.
Unique device identification based on browser characteristics. Prevents token theft and unauthorized device access.
Comprehensive logging of all admin actions. Audit trail with 7-day retention and automatic cleanup.
Real-time detection of suspicious patterns: rapid actions, unusual access times, location anomalies.
Emergency token invalidation system. Instantly revoke all sessions for a user in case of compromise.
Helmet middleware with comprehensive CSP, HSTS, and XSS protection. Prevents clickjacking, MIME sniffing, and common web attacks.
DOMPurify sanitization for all user-generated content. Strips dangerous tags, scripts, and event handlers while preserving safe HTML.
Comprehensive MIME type validation with extension cross-checking. Prevents malicious file uploads via extension spoofing.
Detects and blocks refresh token replay attacks. Automatically revokes all user sessions when token reuse is detected.
Cross-Site Request Forgery protection infrastructure ready. Token generation active, route protection pending deployment.
Automatic JWT token refresh every 50 seconds. Extends session on activity and prevents forced logout during active use.
Permanent email blacklist system. Blocks repeat spam offenders and duplicate account creators from ever registering again.
Admin activity logs and resolved security alerts are automatically deleted after 7 days for privacy compliance. Active sessions and unresolved alerts are retained until manually resolved. Spam cleanup runs automatically every 6 hours.
Automatically blocks malicious IPs after repeated failed login attempts. Tracks attempts per IP address and enforces temporary bans to prevent brute force attacks.
`node backend/test-ip-blacklist.js`
IP blacklist protects against brute force attacks by automatically banning IPs that exceed the configured failed attempt threshold. All banned IPs are logged in MongoDB with timestamps and reasons.
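The per-IP tracking and temporary ban described above, as an added example that is not the dashboard's own code. The class name `IpBlacklist`, the threshold, window and ban duration are assumptions, and in-memory Maps stand in for the MongoDB collection:

```javascript
// Added example: in-memory sketch of per-IP failed-login banning.
// THRESHOLD, WINDOW_MS and BAN_MS are assumed values, not the dashboard's configuration.
const THRESHOLD = 5;                 // failures that trigger a ban
const WINDOW_MS = 15 * 60 * 1000;    // sliding window for counting failures
const BAN_MS = 30 * 60 * 1000;       // temporary ban duration

class IpBlacklist {
  constructor() {
    this.failures = new Map(); // ip -> array of failure timestamps (ms)
    this.bans = new Map();     // ip -> { reason, bannedAt, expiresAt } (ms)
  }

  // Returns the active ban record for ip, or null. Expired bans are dropped.
  activeBan(ip, now = Date.now()) {
    const ban = this.bans.get(ip);
    if (!ban) return null;
    if (ban.expiresAt <= now) {
      this.bans.delete(ip);
      return null;
    }
    return ban;
  }

  // Records one failed login; returns a ban record if the IP is or becomes banned.
  recordFailure(ip, now = Date.now()) {
    const existing = this.activeBan(ip, now);
    if (existing) return existing;
    const recent = (this.failures.get(ip) || []).filter((t) => now - t < WINDOW_MS);
    recent.push(now);
    if (recent.length >= THRESHOLD) {
      this.failures.delete(ip);
      const ban = {
        reason: `${recent.length} failed logins in ${WINDOW_MS / 60000} min`,
        bannedAt: now,
        expiresAt: now + BAN_MS,
      };
      this.bans.set(ip, ban);
      return ban;
    }
    this.failures.set(ip, recent);
    return null;
  }

  // A successful login clears the failure counter for that IP.
  recordSuccess(ip) {
    this.failures.delete(ip);
  }
}
```

Passing `now` explicitly keeps the ban and expiry logic testable without waiting on the clock.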
> Automated testing for session lifecycle management
Tests automatic cleanup of expired sessions every 5 minutes
Verifies sessions expire after 60 minutes of inactivity
Ensures no multiple active sessions per device
Verifies logged-out sessions are removed after 10 minutes of inactivity
> Automated testing for IP blacklist and failed login protection
> Automatic token refresh for enhanced security
> Test API request/response encryption
> Execute comprehensive security tests to validate all protection mechanisms
| TIME | TEST_NAME | STATUS | DETAILS |
|---|---|---|---|
| NO TESTS RUN | | | |