Suggestion: Improve failed login attempts management #196

Closed
Goalfair opened this issue Jun 27, 2023 · 5 comments

@Goalfair

(Joomla 4)

  • Add option(s) to delete entries from the list.
  • Add option to add entries to list of blocked IPs.
  • Add option to change number of displayed entries (seems to be in "logs" right now?)
@codeling codeling self-assigned this Jun 27, 2023
@codeling codeling added this to the BFStop 1.6.0 milestone Jun 27, 2023
@codeling
Owner

codeling commented Sep 9, 2023

Thanks for your input, and sorry for the late reply! Regarding the proposed options, here are my remarks/questions:

  • Add option(s) to delete entries from the list (I assume you mean the "Failed Logins" list?). The list is meant as a log of failed logins, not as something to be modified frequently or even infrequently. I don't really see the use case for needing this, maybe you could share the use case you have in mind? The only thing where this should be required is in specialized experiments by a super user - who should know what he's doing and either should have access to the database where he can delete entries directly in the according table, or who should do the experiments on a non-production server where he has such access.
    Added: There is an option to delete old entries automatically - see the "Prune old attempts" option of the plugins "Advanced" options (the value is in weeks; seems the tooltips I had in place in Joomla 3 describing these options are no longer shown in J4 - I will look into that in Tooltips in Plugin options not shown in J4 #198)

  • "Add option to add entries to list of blocked IPs." This option already exists - see the "New" button on top of the "Blocked IPs" lists

  • "Add option to change number of displayed entries (seems to be in "logs" right now?)" - the lists except for the "logs" already take into account the Joomla-wide limit for table entries - see Global Configuration - Site - Default List Limit. I'm not sure it makes sense to add a separate option for this in bfstop.
    Added: I have added a section on this in the frequently asked questions, and am considering adding an override control to each page in a future version

@codeling
Owner

@Goalfair I have added a separate issue to address your point 3 (see issue linked to above) to better be able to track this individual item.
As for the other items, I currently don't see a need to do something (and would close the issue soon). Or do you have input on use cases for your point 1, or feedback on whether my answer to your point 2 is satisfactory?

@Goalfair
Author

Thanks for the reminder. Regarding the list of failed logins I am suggesting an option to delete these logs manually via the Joomla dashboard (without having to edit the database) - basically a button or similar on the same page as the list. The icing on the cake would be some additional settings like "delete entries which are older than X days" or "delete entries containing certain IP/username/source". But I guess this would be a bit too much. The advanced options with the auto-delete settings I have found, I guess this would allow me to manually delete entries as well, for example by setting it to 1 week temporarily, then changing it back to 0? Maybe instead of a dropdown you should allow the user to type a number. As you mentioned the "inline help" is disabled by default (should be enabled by default IMO).

Issue number 2 seems to be working (or I was missing something before), Issue number 3 is a suggestion to move the single setting (show lines), which is now in "Logs" to either "Settings" or "Failed logins" (after all the list of failed login attempts is the "log" this setting is related to). I guess what I am trying to say is that in general the options and settings are a bit all over the place right now - most of them can be found in the plugin-settings, however there is no mention of their whereabouts in the component interface/menu (where an average user would probably look for them). Instead there is a settings menu item, which is mostly empty, and probably should either simply contain a link to the plugin settings or the plugin settings should be moved there.

@codeling
Owner

codeling commented Oct 11, 2023

> Regarding the list of failed logins I am suggesting an option to delete these logs manually via the Joomla dashboard (without having to edit the database) - basically a button or similar on the same page as the list. The icing on the cake would be some additional settings like "delete entries which are older than X days" or "delete entries containing certain IP/username/source". But I guess this would be a bit too much.

I see. I guess a button to trigger a "delete entries older than..." functionality could be useful; as well as a pointer to the setting for automatic deletion of old entries!

> The advanced options with the auto-delete settings I have found, I guess this would allow me to manually delete entries as well, for example by setting it to 1 week temporarily, then changing it back to 0?

I haven't explicitly tested this but it should work, yes.

> Maybe instead of a dropdown you should allow the user to type a number.

I'll consider it for the rewrite, see below.

> Issue number 3 is a suggestion to move the single setting (show lines), which is now in "Logs" to either "Settings" or "Failed logins" (after all the list of failed login attempts is the "log" this setting is related to).

I think you are misunderstanding something there - the "Show lines" option under Logs really only affects how many lines of the log file are shown.

> I guess what I am trying to say is that in general the options and settings are a bit all over the place right now - most of them can be found in the plugin-settings, however there is no mention of their whereabouts in the component interface/menu (where an average user would probably look for them). Instead there is a settings menu item, which is mostly empty, and probably should either simply contain a link to the plugin settings or the plugin settings should be moved there.

I hear you - and there is an issue for improving this, but I unfortunately haven't found the time yet to tackle it!

@codeling
Owner

codeling commented Feb 16, 2024

@Goalfair with the release of 1.5.1, the last open thing not covered by any other issue is a better way to clean up entries; to track this separately, and to avoid confusion that would occur if we reuse this already quite lengthy issue for that, I've created a separate entry for this, see #214.
Feel free to comment if I've overlooked something!
