MyBB Community Forums

When I couldn't find such thing as ACP login action log, I was actually surprised that MyBB does not include this functionality yet IMHO it's just necessary.

When someone tries to bruteforce our ACP panel we don't know anything about it (till the server slows down).
When login failure is detected MyBB should log these information, along with IP addresses.

Further versions should have a module called Security log, where the information could be stored. Going foward, it should also log bruteforce attempts to the main login forum (on the forums).

(2012-08-04, 06:55 PM)Devilshakerz Wrote: [ -> ]When someone tries to bruteforce our ACP panel we don't know anything about it (till the server slows down).

There is a bruteforce protection and you get a mail every time the login fails.

(2012-08-04, 07:42 PM)StefanT Wrote: [ -> ]

(2012-08-04, 06:55 PM)Devilshakerz Wrote: [ -> ]When someone tries to bruteforce our ACP panel we don't know anything about it (till the server slows down).

There is a bruteforce protection and you get a mail every time the login fails.

Built-in? I've got an email only when administrator account is blocked (i.e. after 5 mistakes).

No one can brute force in five tries.

See this plugin: http://www.mybbsecurity.net/topic-admin-...mail-v-1-0

Yep, I've checked Mybbsecurity.net couple hours ago, but you should really consider implementing this feature in 1.8 - with database logging it is very easy to monitor malicious actions (the whole history in one place). A few another forum scripts also displays admin login history in ACP index page, and e.g. phpBB logs this in the main admin actions log (positive login also is saved).

I agree with this suggestion, even if there's a plugin to get a notification there's no reason why there shouldn't be a core edit on this.