Closed symgryph closed 3 years ago
Hej @symgryph,
sorry for delay. Had a lot on my mind... I really like your Idea. Would you implement the feature?
Best, Christian
Yes I would implement it. We currently use it for some of our developers to upload stuff. I would to get rid of the idiots who are trying to attack me.
Nice! Thanks a lot. 😊
I don’t know how to program unfortunately. I thought you meant help you test it.
Hehe,
all good. We'll get around that. I'm happy to leave it to you for testing :)
Hej @symgryph,
I've added some unified log output and remote addresses to failed login attempts. You should now find the following three possiblities:
WARN[0023] User failed to login address=127.0.0.1 error="username not found or password empty" user=foo
WARN[0035] User failed to login address=127.0.0.1 error="Password doesn't match" user=user
WARN[0073] User failed to login address=127.0.0.1 error="user not found" user=foo
It would be nice if you could give your two cents to the improvement.
Best, Christian
does this support ipv6?
Thomas J Munn
On Aug 24, 2020, at 17:31, Christian Claus notifications@github.com wrote:
 Hej @symgryph,
I've added some unified log output and remote addresses to failed login attempts. You should now find the following three possiblities:
WARN[0023] User failed to login address=127.0.0.1 error="username not found or password empty" user=foo WARN[0035] User failed to login address=127.0.0.1 error="Password doesn't match" user=user WARN[0073] User failed to login address=127.0.0.1 error="user not found" user=foo It would be nice if you could give your two cents to the improvement.
Best, Christian
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
Good point! Now it should. ;)
I’ll check in a new code tonight and see how it does.
Thomas J Munn
On Aug 25, 2020, at 04:52, Christian Claus notifications@github.com wrote:
 Good point! Now it should. ;)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
Feature went into the current release
If you were to log "User x failed to login" I could use fail2ban to stop evil users from brute forcing me. I could use a proxy, but was curios what you thought about adding this security feature?