Questions server security

Post here your questions about SFS2X. Here we discuss all server-side matters. For client API questions see the dedicated forums.

Moderators: Lapo, Bax

coolboy714cp
Posts: 323
Joined: 06 Feb 2010, 02:45

Re: Questions server security

Postby coolboy714cp » 12 Mar 2020, 19:15

Lapo wrote: Hi,
Ardito wrote: 1) When an Administrator logs into the Server, can I intercept this event?
2) When an Administrator logs on to the Server, but the password is wrong, can I intercept this event?

no, you can't intercept admin login events.



Could I suggest this as a feature for a future update? If people could process these kinds of events in their own ways, it would make it easier to get notified of such things if you have a popular server that gets continuous logs. If we could write our own extensions to handle these commands I'd definitely write one that makes these events write the IP, Date/Time, and attempted Username (so I know to change the username in the admin tool if it is a real one trying to be guessed) into their own log files and then potentially ban the IP. I know I would rather notice these events more immediately than having to find each attempt in each log file; I would rather have 1 dedicated for that purpose as it would just be much more immediately noticeable.
Lapo
Site Admin
Posts: 23026
Joined: 21 Mar 2005, 09:50
Location: Italy

Re: Questions server security

Postby Lapo » 13 Mar 2020, 09:16

Hi,
you can already log and process every login attempt via your own Extensions.

As regards the AdminTool... Security is not about using a weak username and password and then monitoring if someone is trying to guess it :) You must choose a strong username and password from the beginning, so you don't have to worry that anyone will ever guess it.

What we can do is detect incorrect Admin login attempts and maybe auto-ban the client IP address after a number of failed attempts. This can be useful but it can also work against you, if you don't remember your own password.

However, I think it could be useful to avoid brute-force Admin attacks, so I still think it could be done. After all, if you're the legitimate admin of the server and you've lost your Admin Password, you can still log into your server via SSH or Remote Desktop and manually check the server configuration.

Hope it helps
Lapo
--
gotoAndPlay()
...addicted to flash games
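The failed-attempt logging and auto-lockout discussed in this thread, as an added example that is not part of the thread, of SFS2X, or of any Extension API: a stand-alone Python tracker that writes one line per failed login (time, IP, username) to a dedicated log and locks the IP out temporarily after N failures in a window, so a legitimate admin who mistypes a password is not banned for good. The class name, thresholds and the sample addresses and timestamps are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

class FailedLoginTracker:
    """Count failed logins per source IP in a sliding window and lock the IP out
    temporarily; the lockout expires, so a forgotten password is not a permanent ban."""

    def __init__(self, max_failures=5, window=timedelta(minutes=10),
                 lockout=timedelta(minutes=15)):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> datetime at which the lockout ends
        self.log_lines = []                  # stand-in for a dedicated auth log file

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if now >= until:                     # lockout expired: forget it
            del self._locked_until[ip]
            return False
        return True

    def record_failure(self, ip, username, now):
        """Log one failed attempt; return True if it pushes the IP into lockout."""
        self.log_lines.append(f"{now.isoformat()} ip={ip} user={username} result=FAILED")
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # discard failures older than the window
            q.popleft()
        if len(q) < self.max_failures:
            return False
        until = now + self.lockout
        self._locked_until[ip] = until
        q.clear()
        self.log_lines.append(f"{now.isoformat()} ip={ip} result=LOCKED until={until.isoformat()}")
        return True

    def record_success(self, ip):
        self._failures[ip].clear()           # a successful login resets the counter

def run_demo():
    """Constructed attempt sequence (sample data, not real traffic)."""
    tr = FailedLoginTracker(max_failures=3)
    t0 = datetime(2020, 3, 13, 9, 0, tzinfo=timezone.utc)
    ip = "203.0.113.7"                       # documentation-range address, constructed
    first = tr.record_failure(ip, "admin", t0)
    second = tr.record_failure(ip, "admin", t0 + timedelta(seconds=30))
    third = tr.record_failure(ip, "admin", t0 + timedelta(seconds=60))
    during = tr.is_locked(ip, t0 + timedelta(minutes=5))    # still inside the lockout
    after = tr.is_locked(ip, t0 + timedelta(minutes=20))    # lockout has expired
    return first, second, third, during, after, len(tr.log_lines)

if __name__ == "__main__":
    print(run_demo())
```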
