We have moved to GitHub Issues
Created by Sebastiaan Janssen 07 May 2015, 09:56:47 Updated by Sebastiaan Janssen 27 Jul 2015, 12:39:27
Relates to: U4-6878
Currently we log successful backoffice logins:
2015-05-07 11:37:19,610  INFO Umbraco.Web.Security.WebSecurity - [Thread 61] User Id: 0 logged in
In order to be able to investigate brute force attempts we should also log failed logins and with both logs we should also log the IP of the person attempting to log in (also to figure out if credentials are stolen and used by someone else).
Commit made by '''Sebastiaan Janssen''' on ''2015-05-10T17:47:32+02:00'' https://github.com/umbraco/Umbraco-CMS/commit/c34605937c85a8c1c101b7ae04699b19f24926ac
U4-6603 Log failed login attempts
This is great for logging but the logs should really be done where the underlying auth occurs which is the Membershipprovider. Ideally we also enforce the rules of the membership provider lockout strategy but we need to fix this first: http://issues.umbraco.org/issue/U4-222 So people can reset their passwords if they are locked out or forget them.
Type: Feature (planned)
Assignee: Shannon Deminick
Backwards Compatible: True
Fix Submitted: Pull request
Due in version: 7.2.5