[BlueOnyx:24484] Re: unclear display of information

Michael Stauber mstauber at blueonyx.it
Wed Nov 11 11:48:08 -05 2020


Hi Ed,

> What does "Access" on the "Security => Failed Logins" page mean?

When an IP address has failed to authenticate properly as many times as
defined in the "Host rule" (like 30x in 1h), it will be blocked.
However, these blocks are temporary and reset after a certain time.

While the IP is blocked, the field "Access" reads as "No". After the
block has expired, the field "Access" reads as "Yes".

> The number of IPs listed with Access set to "Yes" varies almost every
> time I load that page.

Yeah, eventually IPs that no longer caused any recent issues will be
expired from the display.

> Plus, the "Yes" logins never appear on the "Security => Logins" page.

This could be users of yours who managed to authenticate incorrectly a
few times and eventually figured out what they did wrong and got in. Or
it could be more sinister. You might want to cross-reference these IPs
with your logfiles. /var/log/maillog or /var/log/secure in this case.

-- 
With best regards

Michael Stauber
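
The cross-referencing suggested in the message above, as an added example (not part of the original message and not BlueOnyx code): it tallies failed and successful logins per listed IP and flags any IP where a success follows failures. It assumes the usual OpenSSH and Dovecot log line formats; the sample lines, hosts, users and IPs are constructed.

```python
import re
import sys

# Constructed sample lines in the usual sshd (/var/log/secure) and Dovecot
# (/var/log/maillog) formats; hosts, users and IPs are made up.
SAMPLE_LOG = """\
Nov 11 09:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Nov 11 09:01:15 host sshd[2101]: Failed password for root from 203.0.113.5 port 51240 ssh2
Nov 11 09:14:40 host dovecot: imap-login: Aborted login (auth failed, 2 attempts in 6 secs): user=<ed>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Nov 11 09:15:02 host dovecot: imap-login: Login: user=<ed>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, mpid=3120, TLS
Nov 11 09:20:31 host sshd[2188]: Accepted password for ed from 192.0.2.44 port 50022 ssh2
"""

# (kind, regex capturing the remote IP); counts are per log line, not per attempt.
PATTERNS = [
    ("fail", re.compile(r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?\S+ from (\S+)")),
    ("ok", re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+)")),
    ("fail", re.compile(r"-login: .*auth failed.*\brip=([^,\s]+)")),
    ("ok", re.compile(r"-login: Login: .*\brip=([^,\s]+)")),
]


def cross_reference(lines, ips):
    """Tally failed/successful logins for each listed IP, reading in log order."""
    stats = {ip: {"fail": 0, "ok": 0, "ok_after_fail": False} for ip in ips}
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            s = stats.get(m.group(1))
            if s is not None:
                if kind == "ok" and s["fail"]:
                    s["ok_after_fail"] = True  # success after failures: review it
                s[kind] += 1
            break  # the first matching pattern decides the line
    return stats


if __name__ == "__main__":
    # Usage: script.py LOGFILE IP [IP ...]; with no arguments, use the sample.
    if len(sys.argv) > 2:
        with open(sys.argv[1], errors="replace") as fh:
            result = cross_reference(fh, sys.argv[2:])
    else:
        result = cross_reference(SAMPLE_LOG.splitlines(), ["203.0.113.5", "198.51.100.7"])
    for ip, s in result.items():
        print(ip, s)
```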


