Notify Illegal access to authorized user
This feature will notify authorized user about the 3 consecutive illegal access to his/her account.This will send an email to user's email provided at the time of account creation ,to notify when 3 password fails occur .This will also send the IP address from which fails has occurred.
Upstream link : https://www.drupal.org/node/2883760
This features notifies the authorized user about fraudulent attempts to access their account by sending a mail.
This feature does not require to be engaged by the administrator. It is enabled by default with the event_log module.
One hook api function called hook_mail is used in event_log.module.
- hook_mail : Prepare a message based on parameters; called from drupal_mail(). https://api.drupal.org/api/drupal/modules%21system%21system.api.php/function/hook_mail/7.x
In the event_log_insert() function, when the current log operation is “fail”, another user defined function called event_log_login_fail() is called.
- event_log_login_fail() : It checks whether the user is authorized user and if it is, it queries the event_log database to fetch the previous fail login operations to check if the timestamps are in a vicinity of two minutes.
- The feature that logs data to file instead of database contradicts the dependency that events are logged to the database. For this feature previous fail entries of logs are accessed. But, accessing these entries from the file will be catastrophic because files are accessed sequentially, leading to significant overheads.
- This issue can be resolved by simply disabling this feature when admin enables log to file feature.This is done by using check condition on value present in checkbox event_log_file_enable in module event_log_file.
- Ability to log to a file instead of a database
- Backup event_log database content
- Clear log messages button
- Notify Illegal access to authorized user
- Log Data to Cloud (Experimental)