auth.log file in OM?
#2238
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
As far as I know, OM doesn't have a mechanism by which all failed authentications in Frontend and Backend are recorded in a file, for example a file named auth.log in Linux. If it had and there are grabbed IP's then it could automatically block an attacking address.
There is an open PR that limits failed authentications. I did not analyze it, but to record an IP in a file is important. An automatic or manual analysis of the file with failed authentications would reveal the attacks, especially on the Frontend side.
I use HoneySpam with an 85% success rate for subscribe to the newsletter (in the absence of using reCaptcha which visitors do not like for reasons of time). All collected addresses are automatically blocked for a period of 30 days.
Beta Was this translation helpful? Give feedback.
All reactions