• As far as I can see, the blacklist works in a way that just conceals that a nonexistent username has been tried for login (haven’t tried blacklisting an existing user). There seems to be no logging for that.

    Wouldn’t it make sense to treat this the same way as a regular failed login attempt resulting in blocking the IP it originated from after some similar attempts for the configured period? Either period would seem to be preferential to not doing so. Trying a blacklisted user seems like a pretty good predictor for an attack.

    If that doesn’t make sense – why?

  • The topic ‘Shouldn’t login attempts with blacklisted users result in lockouts?’ is closed to new replies.