2020-06-23, 09:15 AM
Such kind of notification would be a beneficial security addon.
Another improvement would be to log and mail any attempt of usernames not being member of Administrators group.
Mind that bots and web spiders/crawlers may use forms for login attempts as well, so a mail notification could end up in a bunch of emails.
Login check can also be tied to a counter on login attempts with the same IP address.
There are a lot of ideas to consider and achieve such a security feature with mail notification.
Nevertheless...
the best way to secure the ACP is to rename (hide) the ./admin directory and using an additional honeypot login page instead
Be careful: Never visit a new website from the same ACP browser tab - the webserver of the new called website will see the ACP URL as referrer in it's logs files.
[ExiTuS]
(2020-06-22, 10:31 PM)Crazycat Wrote: Great idea.Many ISPs do a forced IP change to customers at intervals. So I would not rely on IP addresses.
And send mail only if it's a new (not used in the last 2 months ?) IP for this username
Another improvement would be to log and mail any attempt of usernames not being member of Administrators group.
Mind that bots and web spiders/crawlers may use forms for login attempts as well, so a mail notification could end up in a bunch of emails.
Login check can also be tied to a counter on login attempts with the same IP address.
There are a lot of ideas to consider and achieve such a security feature with mail notification.
Nevertheless...
the best way to secure the ACP is to rename (hide) the ./admin directory and using an additional honeypot login page instead
Be careful: Never visit a new website from the same ACP browser tab - the webserver of the new called website will see the ACP URL as referrer in it's logs files.
[ExiTuS]
MyBB Forum + innovative full-responsive Theme
Live-Escape-Game-Forum
Live-Escape-Game-Forum