WebentwicklerAt / typo3-loginlimit

TYPO3: Protects backend and/or frontend login from brute-force attacks.
https://forge.typo3.org/projects/extension-loginlimit
GNU General Public License v2.0

More a Question #7

Closed marexx closed 5 years ago

marexx commented 5 years ago

I'm using TYPO3 8.7.7 with this extension, but I'm not sure if it's really working. I can experience the delay after each false try, but I don't get any message after reaching the limit, when the user is blocked. How can I achieve that? And the last time I tried it, after trying it several times with different user accounts, it seems that every account was blocked, even those I didn't use. The only way to log in again was to uninstall loginlimit... Any hints on that?

best regards

Marek

BastianBalthasarBux commented 5 years ago
  1. Look at the log (TYPO3 log in the admin area). You will notice the wrong logins. (Or look at page=0 in the page-tree list view.)
  2. You can clean up blocks by clearing the corresponding database table. There you will also find in-depth information about blocks. There is also a scheduled task for the task scheduler to clean up failed logins.
  3. After an account/IP address has been blocked, the login process won't get routed to the login service anymore. This is expected behaviour.
  4. Users won't get notified about blocking. This is wanted behaviour (otherwise this would be a great opportunity to leak usernames, e.g.).
  5. Blocking is also done on IP addresses, similar to the well-known apache-module fail2ban ( https://www.fail2ban.org/wiki/index.php/Main_Page ). Otherwise one attacker could try all possibly previously leaked usernames before getting blocked more or less totally ...

EDIT: in the end, this is a support request, not an issue ;)
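
The behaviour described in the answer above (blocks keyed on both account and IP address, no distinct response for a blocked login, and a cleanup of old failures), as an added example that is not part of the thread and not the extension's code. The class, its method names, the threshold and the time window are assumptions, and the addresses and user names are constructed sample values.

```php
<?php
// Hypothetical model of a login limiter. Names, threshold and window are
// assumptions for illustration, not the loginlimit extension's code or defaults.
final class LoginLimiter
{
    private array $failures = []; // failure timestamps keyed by "user:<name>" / "ip:<addr>"

    public function __construct(
        private int $maxFailures = 3, // assumed threshold
        private int $findTime = 600   // assumed window in seconds
    ) {}

    // Drop failures older than the window (the job a scheduled cleanup would do).
    public function cleanUp(int $now): void
    {
        $cutoff = $now - $this->findTime;
        foreach ($this->failures as $key => $times) {
            $this->failures[$key] = array_values(array_filter($times, fn (int $t): bool => $t > $cutoff));
        }
    }

    private function isBlocked(string $key): bool
    {
        return count($this->failures[$key] ?? []) >= $this->maxFailures;
    }

    // Returns only true/false, so a blocked attempt looks like a wrong password.
    public function attempt(string $user, string $ip, bool $passwordOk, int $now): bool
    {
        $this->cleanUp($now);
        if ($this->isBlocked("user:$user") || $this->isBlocked("ip:$ip")) {
            return false; // credentials are not evaluated while blocked
        }
        if ($passwordOk) {
            return true;
        }
        $this->failures["user:$user"][] = $now; // count against the account
        $this->failures["ip:$ip"][] = $now;     // and against the source address
        return false;
    }
}

$limiter = new LoginLimiter();
$ip = '203.0.113.7'; // constructed sample address
foreach (['alice', 'bob', 'carol'] as $i => $u) { $limiter->attempt($u, $ip, false, 1000 + $i); }
var_dump($limiter->attempt('dave', $ip, true, 1010));            // unused account, same address
var_dump($limiter->attempt('dave', '198.51.100.9', true, 1011)); // same account, other address
var_dump($limiter->attempt('dave', $ip, true, 1700));            // same address after the window
```

Requires PHP 8.0 or later. One wrong password on each of three accounts is enough to block the shared source address, so the first `dave` login fails despite a correct password and an untouched account, while the other two succeed.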

marexx commented 5 years ago

Thank you very much. That brought light in the darkness :-)

BastianBalthasarBux commented 5 years ago

Great! Maybe you could close the issue if all is clear now?