Shouldn’t login attempts with blacklisted users result in lockouts?
-
As far as I can see, the blacklist works in a way that just hides that an inexistant username hase been tried for login. There seems to be no logging for that.
Wouldn’t it make sense to treat this the same way as a regular failed login attempt resulting in blocking the IP it originated from for the configured period? Either period would seem to be prferential to not doing so.
If that doesn’t make sense – why?
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Shouldn’t login attempts with blacklisted users result in lockouts?’ is closed to new replies.
