Hi,
does someone know if MailWatch writes failed login attempts to a log file?
cheers,
Tobias
MailWatch Login Log
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: MailWatch Login Log
Yes, take a look in the apache logs. You should see the failure responses logged.
Re: MailWatch Login Log
The only thing I found was this line in "ssl_request_log":
this is not really something I could track with fail2ban because if someone just posts the login form but does not follow the redirect this is not called.
and on the other hand this adress could be called even if nothing was entered in the login mask.
do you think there is real authentication failure entry somewhere?
Code: Select all
84.112.4.48 TLSv1.3 TLS_AES_128_GCM_SHA256 "GET /mailscanner/login.php?error=baduser HTTP/1.1"
and on the other hand this adress could be called even if nothing was entered in the login mask.
do you think there is real authentication failure entry somewhere?
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: MailWatch Login Log
This would be a good question for MailWatch. I think there is an audit table in the database that might log failures.