Hi,

It is great how this module develops. The recent changes make it really more convenient and I have less complains from my users. Thank you for the great work. To extend the security even more I would recommend to log "Login attempt failed for " also if username/password combination is correct but the google code is wrong.

I want to use this in connection with fail2ban to block the logins at the firewall. This works if the user has not ga login assigned but with ga login the mentioned watchlog message is not printed and, therefore, fail2ban will not be informed. One could write a specialized message (since the fail2ban module) offers this, but I also think in general it would be good practice to log something if authentication fails.

What do you think of it?

If wished I can have a look in it and try to provide a patch.

best
Martin

Comments

attiks’s picture

Good idea, I don't really have the time to work on this, so a patch would be nice

attiks’s picture

Version: 7.x-1.3 » 7.x-1.x-dev

Any chance you have a patch already, so we can add it to the new release?

attiks’s picture

Issue summary: View changes
Status: Active » Closed (works as designed)

Closing this, feel free to re-open if you (or someone else) can provide a patch