@tsteur opened this Issue on November 1st 2015 Member

We should at least optionally notify a user when there is a failed login attempt. I'd have it enabled by default in core but we could also have it as a plugin on the marketplace or by default disabled.

We'd send an email to the owner of the account letting the user know someone tried to log in using his login name. Maybe we'd also add IP address etc? I'm sure there are many examples for this on the internet.

We could also only send it after the second or third failed attempt.

It is a bit related to brute force attack but not really: https://github.com/piwik/piwik/issues/2888

@mattab commented on November 2nd 2015 Member

Nice idea! Maybe a good idea as a first step before #2888

@hpvd commented on November 2nd 2015

sound's great!
maybe one should think of sending this mail not always but only after e.g. 3rd failed login attempted?

@hpvd commented on November 2nd 2015

on the other hand one could extend this to send a mail when some logs in from an other country than the last time (or similar)?

@hpvd commented on November 2nd 2015

putting the IP in the email would be great - maybe one could reuse geoIP feature

@gaumondp commented on November 2nd 2015

We'd send an email to the owner of the account letting the user know someone tried to log in using his login name.

I think superadmin/admin should be made aware too... There's something "fishy" after more than 5 attempts...

@tsteur commented on November 2nd 2015 Member

Good point re other country. I'll create a separate issue for this. They might be developed both in one step at some point but better to have them separated.

@tsteur commented on November 5th 2015 Member

If text messages are configured in a Piwik (eg for scheduled reports) one should ideally also be able to receive it as a text message on your phone to be able to react quickly in case it wasn't you who tried to log in...

@mattab commented on November 26th 2015 Member

I think https://github.com/piwik/piwik/issues/2888 is more valuable first (althrough of course also more complicated to implement)

Powered by GitHub Issue Mirror