Discover IP of Unauthorized Admin Login Attempt?

[DeanW]

Hey gang,

I received an email stating the system had locked out the IP of someone who had attempted to login as the Admin account 3 times unsuccessfully from a particular city.

It was not me. No one has the Admin password other than myself.

It will unlock in 7 hours. I presume they attempted to log in as Admin into the main system, not the ACP.

I see that I can view the IPs of registrants, but I cannot find any log or IP of the person who was locked out for attempting to hack into my system.

Am I missing something?

 

[AndyF]

Missing ? Yes. Read on...

If you go to the ACP Dashboard page (the default "landing" page as such) on the right click the 'Add' button.

Choose "Failed admin logins" and add it. You can move it about as needed.

Now you should see the block itself...

Click as indicated...

Here is the full list. Note the tabs to select and filter/view by  "Unsuccessful" "Successful" or "All" , also note the prune settings. Default is (IIRC) 30 days before it throws them out.

You can actually get to this page without the block if you really wanted, but you'd have to manipulate the URL a bit when in the ACP. To do this (not really recommended to be honest) its (ACP URL and Session +) &app=core&module=staff&controller=admin&do=loginLogs&sortby=admin_time&sortby=admin_time&sortdirection=desc

[DeanW]

9 hours ago, AndyF said:

Missing ? Yes. Read on...

Amazingly well documented. I appreciate the extra effort you took

AndyF stands for AndyF'ing awesome

 

[AndyF]

16 hours ago, DeanW said:

Amazingly well documented. I appreciate the extra effort you took

AndyF stands for AndyF'ing awesome

 

Thank you for your kind comments.