Hi,
Im trying to figure out why theres a difference between the two. If i log in into my website with wrong credientials its says Authentication attempt while sometimes in the log i see an Authentication failure.
That’s a good question - I can add that to the docs.
“<something> attempt” messages are for when something was stopped or blocked. For example:
- if the username doesn’t exist it’s an attempt, whereas if the username exists and the password is wrong then it’s a failure,
- if a user enumeration attempt is blocked
Loosely, if the thing they tried to do was prevented before it got as far as failing.
Good. so best practice would be to add a regex to ban both… Thanks