Within the past week, several of our members have complained that when logging in they are getting a message saying that their account is locked because they exceeded the number of failed login attempts allowed. However, they are sometimes getting it the first time they login, or they are getting it after only one failed attempt. This tells me that either something is not working correctly with the login system, or else a person or bot is trying to brute force members' accounts.
First, is there anything that might cause that error to come up when it shouldn't?
Second, is there a good way to keep track of failed Xenforo logins?