Reply to thread

This makes it hard to catch bruteforces in the logs, should return 401

edit:

SELECT COUNT(*) FROM xf_login_attempt WHERE FROM_UNIXTIME(attempt_date) > CURRENT_DATE()

-> 184468

and it's only 5 pm

fix:

edit LoginController.php, after $user = $loginService->validate($input['password'], $error);

change

return $this->view('XF:Login\Form', 'login', $viewParams);

to

                        $view = $this->view('XF:Login\Form', 'login', $viewParams);

                        $view->setResponseCode(401);

                        return $view;