generate emails when someone logs in to admin cp
#3
Such kind of notification would be a beneficial security addon.
(2020-06-22, 10:31 PM)Crazycat Wrote: Great idea.
And send mail only if it's a new (not used in the last 2 months ?) IP for this username
Many ISPs do a forced IP change to customers at intervals. So I would not rely on IP addresses.

Another improvement would be to log and mail any attempt of usernames not being member of Administrators group.
Mind that bots and web spiders/crawlers may use forms for login attempts as well, so a mail notification could end up in a bunch of emails.
Login check can also be tied to a counter on login attempts with the same IP address.
There are a lot of ideas to consider and achieve such a security feature with mail notification.


Nevertheless...
the best way to secure the ACP is to rename (hide) the ./admin directory and using an additional honeypot login page instead Wink
Be careful: Never visit a new website from the same ACP browser tab - the webserver of the new called website will see the ACP URL as referrer in it's logs files.

[ExiTuS]
New Forum / MyBB 1.8.26 + innovative full-responsive Theme
Live-Escape-Game-Forum
Reply


Messages In This Thread
RE: generate emails when someone logs in to admin cp - by [ExiTuS] - 2020-06-23, 09:15 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)