Reply to thread

The Login Attempts Log (which can only be made visible via add-ons) has a serious design flaw.  It purges the entire log for the user whenever there is a successful login.  This means you can almost never track if someone is attempting to brute force a user password over a long period, and even worse, if password guessing is successful then, the logging that would show the perpetual attempts is deleted.


A security log that purges itself when an attacker is successful is all but useless.


Back
Top Bottom