Include uid in flood control "UserEvents::FLOOD_BLOCKED_USER" event to be logged when a IP was blocked

Created on 17 April 2024, 8 months ago
Updated 23 April 2024, 8 months ago

Problem/Motivation

Attacks sometimes focus on certain accounts and it's helpful to know that. For example to find out that an admin username or email address is under attack.

Currently the Flood control watchdog message just logs general information, when using the IP based blocking:

Flood control blocked login attempt from XXX.XXX.XXX.XXX

When logging this, the system should know, which username has been tried to login with. So it would be great to add that information to watchdog:

Flood control blocked login attempt for user "Administraor" from XXX.XXX.XXX.XXX

Steps to reproduce

Configure IP based wrong login limits and try logging in with a wrong passwords as often as configured, until you see the message "Login failed" "Too many failed login attempts from your IP address. This IP address is temporarily blocked. Try again later or request a new password. "

Then the watchdig message above should also appear in logs.

Proposed resolution

Extend the watchdog message by the username that was tried to log in as.
If there are any concerns (I don't have), make this configurable.

Remaining tasks

User interface changes

API changes

Data model changes

Feature request
Status

Needs work

Version

11.0 🔥

Component
User module 

Last updated 4 days ago

Created by

🇩🇪Germany Anybody Porta Westfalica

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Merge Requests

Comments & Activities

Production build 0.71.5 2024