Elite Posted September 10, 2007 Posted September 10, 2007 When viewing locked accounts, rather than only seeing first and last failure dates, number of total failues, and a list of IPs failing to login, it'd be really nice if we could see the failures in a highly detailed list format instead.Something like:127.0.0.1 - June 4th, 2007 - 6:09 PM127.0.0.1 - June 4th, 2007 - 6:10 PM127.0.0.1 - June 4th, 2007 - 6:10 PM127.0.0.1 - June 4th, 2007 - 6:14 PM127.0.0.1 - June 4th, 2007 - 6:14 PM127.0.0.1 - June 4th, 2007 - 6:14 PM1.1.1.1 - June 19th, 2007 - 1:01 AMEct, ect.Even just:127.0.0.1 - June 4th, 2007, 6:09 PM - 6 times1.1.1.1 - June 19th, 2007, 1:01 AM - 1 timesI understand that during a very powerful brute force attack (80 trys/minute), the first method could get very out of hand, so perhaps the second method might be more suitable (unless there are 50 bots trying 80 times per minute).Basically, I'd just like to see the logging a little more verbose. I'm mainly looking to see how many times each IP failed to login, and at what time it occurred.I hope you consider this, thanks IPS!P.S. Perhaps you could even just completely overhaul the failed login logging, and just log *ALL* failed account logins? (with perhaps the option to enable/disable it?) Please? Pretty please?-Elite
bfarber Posted September 11, 2007 Posted September 11, 2007 Actually, all of the data you are requesting IS logged presently, it's just not displayed in that fashion. i.e. on IPS Beyond looking at an account (that is obviously someone tried to login with, but is not theirs)187,1184260302-213.229.200.187,1184815974-203.99.173.179,1185234525-24.163.220.166,1185234541-24.163.220.166,1185234547-24.163.220.166,1186379751-213....,1183315652-87.194.112.101,1184260281-213.229.200.First bit is the timestamp, second (after the -) is the IP, each attempt separated by a comma. Your first suggestion, as you said, would get unruly.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.