• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

LoginSecurity 1.2.1

No permission to download

Lyphiard

Active member
#1
Lyphiard submitted a new resource:

LoginSecurity - Log all user and admin login attempts!

This addon will provide the ability for you to record all login attempts for all users, as well as for administrators. The addon will record information such as the IP address the attempt was made from, the time of the attempt, whether the attempt was successful or not, whether 2FA was required or not, and whether 2FA was successful or not.

Features:
  • Users will be able to see their own login attempts under "Login Security"
  • Users have the option of being emailed when they login...
Read more about this resource...
 

Mouth

Well-known member
#7
Users can opt to receive an e-mail when they log in with a new IP. This is by default on.
Any chance this can be off by default? I don't want users to start receiving emails automatically everytime they logon between desktop and mobile.
 

Lyphiard

Active member
#9
Any chance this can be off by default? I don't want users to start receiving emails automatically everytime they logon between desktop and mobile.
I've added a new option in ACP, but you'll need to modify the column lsec_notify_new_ip in the table xf_user_option for any existing users.
 
#11
Hey @Lyphiard,

Love this addon. Great job on it!

One thing I would love to see is the ability to give staff members (aka moderators) the ability to see the last X number of login attempts on any particular user from the frontend. For my particular community, the administrator control panel is limited to myself and one other person, but I'd love to be able to give some staff members the ability to see this from the frontend. A couple of ways this could be accomplished is through a tab on each user's profile or some user lookup page within a moderator's account, similar to Moderator Essentials' IP lookup feature.

As is though, it's a great addon. Thanks for taking the time to develop it and put it out there. :)
 

Lyphiard

Active member
#13
#14
Hey @Lyphiard ,

Great addon, thank you very much.

Would it be possible to add an IP whitelist option for the users ?
A lot of our users (including me ;) ) are constantly switching between the same networks (home, office etc.), but do not want to deactivate the email option for security reasons. Would be great if there was an option set some "trusted IPs" per user.
 

Lyphiard

Active member
#15
Hey @Lyphiard ,

Great addon, thank you very much.

Would it be possible to add an IP whitelist option for the users ?
A lot of our users (including me ;) ) are constantly switching between the same networks (home, office etc.), but do not want to deactivate the email option for security reasons. Would be great if there was an option set some "trusted IPs" per user.
Do you mean for ACP logins?
 
#16
Nice addon thank you. I'm a right saying that it doesn't notify users of failed login attempt or notify selected admins of failed control panel attempts?
 

Lyphiard

Active member
#17
Nice addon thank you. I'm a right saying that it doesn't notify users of failed login attempt or notify selected admins of failed control panel attempts?
No, it currently does not. If someone decides to try to log into 100 admin accounts, I don't think it would be wise to send out 100 email notifications.

I might add a future feature where it will send a notification to certain people if there were X failed admin login attempts within the last Y minutes.
 
#18
No, it currently does not. If someone decides to try to log into 100 admin accounts, I don't think it would be wise to send out 100 email notifications.

I might add a future feature where it will send a notification to certain people if there were X failed admin login attempts within the last Y minutes.
You could add ban IP feature after 5 attempts. Include a user whitelist tho :)