Open lapineige opened 5 years ago
Does Pixelfed provide some logs for (failed) login attempts ? With the IP ?
Does Pixelfed provide some logs for (failed) login attempts ? With the IP ?
I don't know, have to be checked on Pixelfed project
Feel free to make a PR for the fail2ban
As this app expose a public login form, it should be protected against password brute force with fail2ban.
The account is not yet linked to the SSO / yunohost account, so it might not be a big security issue for the rest of the instance… yet it would be better to add that protection.
PS: I write that here as a reminder, I guess you have other priorities right now ;) (and maybe someone will use that issue to get involved with a quick contribution :)