Quote:
Originally Posted by Onur
@sandalwood
1. no, on this hook are no userinfo avalible
2. this is possible at next release
|
ok i understand, thats too bad. though the ip address is known, and only one user will have been logged in using that ip address at that time, so perhaps you can somehow set another hook later so WHEN we do know the username, you can have a little check in there that will record it to file.
i know this would only matter for attacks from users, and that many attacks are not even from users, or from people who never log in. but some are
when the incident happens, record what we know, perhaps with ip address, and the set a variable like "intrusion_detected = 1" sort of thing. then in a separate hook at some point where we know the user logged in and we have username, check that variable, and if intrusion_detected is set, then record their username/ip to the file, so that way we can cross-reference it or something.
isn't there some kind of global variable that can be used? how does that work.
also, even if you can't do the second part, why not record the IP address at least. that way we can manually cross reference it, just search for the ip in the admin console and that will show us what user(s) have used that ip.
thanks
ps. this has never tripped for me except in testing. i guess most attacks are not in the URL part but in post string.